Twitter, the world-renowned microblogging and social networking site, has admitted that its site was breached late on Friday. Nearly 250 thousand Twitter user accounts may have been compromised in this attack. Twitter confirmed the news of the attack in a recent blog post.
Twitter stated that earlier this week it detected unusual access patterns and unauthorized access to Twitter user data such as usernames, email addresses, session tokens and encrypted passwords. The company is calling this incident a “Sophisticated Attack”. Twitter’s director of Information Security, Bob Lord, said in the blog post, “This attack was not the work of amateurs, and we do not believe it was an isolated incident,” and added, “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
It has also been noted that within the last two weeks the web sites of the New York Times and the Wall Street Journal were attacked and their security breached. Earlier, on January 10th of 2013, Homeland Security issued a vulnerability note on its web site stating, “Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.” It is now being presumed that this attack may have been linked to the recent Java update vulnerability. As a precautionary measure, Apple and Mozilla have turned off Java by default in their browsers.
Twitter also confirmed that it has reset the passwords and revoked the session tokens of all the affected accounts. If your account is one of them, you will soon receive an email from Twitter asking you to create a new password. The company also advised all users to use a stronger password of at least 10 characters that mixes upper- and lowercase letters, numbers and symbols.
Source: Twitter Blog