Quantcast

Tuesday, July 29, 2014         

 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

Twitter says hackers compromise 250K accounts

By Associated Press

POSTED:
LAST UPDATED: 06:17 p.m. HST, Feb 01, 2013


SAN FRANCISCO >> In the latest online attack, Twitter said Friday that hackers may have gained access to information on a quarter of a million of its more than 200 million active users.

The social media giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected.

But it discovered that the attackers may have gained access to usernames, email addresses and encrypted passwords belonging to 250,000 users. Twitter has reset the pilfered passwords and sent emails advising users that they'll have to create a new one.

"This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," the blog said. "For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."

The hack is the latest high-profile cyber-attack on U.S. media and technology companies recently. The New York Times and The Wall Street Journal reported this week that their computer systems had been infiltrated by China-based hackers.

One expert said that the Twitter hack probably happened after an employee's home or work computer was compromised through a vulnerability in Java, a commonly-used computing language whose weaknesses have been well publicized.

Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers "a toehold" in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.

In a telephone interview Friday, Soltani said that the relatively limited number of users affected suggested either that attackers weren't on the network long or that they were only able to compromise a subset of the company's servers.

Twitter is generally used to broadcast messages to the public, so the hacking might not immediately have yielded any important secrets. But the stolen credentials could be used to eavesdrop on private messages or track which Internet address a user is posting from.

That might be useful, for example, for an authoritarian regime trying to keep tabs on a journalist's movements.

"More realistically, someone could use that as an entry point into another service," Soltani said, noting that since few people bother using different passwords for different services, a password stolen from Twitter might be just as handy for reading a journalist's emails.

___

Associated Press Writer Raphael Satter in London contributed to this report.







 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(2)
You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
GONEGOLFIN wrote:
It wont be long before our technology is taken too far and destoyed by either hackers, terrorist, or the machines themselves. We better all get used to "old school" methods to include sending mail via snail-mail.
on February 1,2013 | 03:21PM
adri1456 wrote:
and this is why I use different usernames and passwords for everything I do online.
on February 1,2013 | 06:57PM
IN OTHER NEWS
Breaking News
Blogs
Political Radar
`My side’

Political Radar
‘He reminds me of me’

Bionic Reporter
Needing a new knee

Warrior Beat
Monday musings

Small Talk
Burning money

Political Radar
On policy

Warrior Beat
Apple fallout