250,000 passwords stolen by Twitter hackers
Twitter, which has a total of 175 million users, shut down moments after a security breach was detected on Friday that enabled access to login names, e-mail addresses and passwords of 250,000 users.
Although not able to identify the attackers, the company released a statement stating that they believed this “was not the work of amateurs, and we do not believe it was an isolated incident” and should be treated as “extremely sophisticated”.
“For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
The hacking is the latest in a series of high profile cyber-attacks this week that include the Wall Street Journal and New York Times – in which hackers are suspected of being in their systems for four months, as well as Anonymous’ hack of US Sentencing Commissions site and unsuccessful attacks on Bloomberg LP.
The code breach seems to have mostly affected Twitter’s earliest users, including investors and employees, and is believed to have been pushed through the programming code Java, which the US Homeland Security has recommended be disabled due to high vulnerability.
Both Apple and Mozilla have released updates in response to disabling Java in their respective browsers.
Oracle, which owns Java, released a “critical patch update” for the software on Friday following the attacks.
Twitter has sent e-mails informing the 250,000 affected users that their passwords have been reset and to change their passwords via the site for security reasons.