Twitter's servers have been breached
by "extremely sophisticated" hackers who may have made off with user
names and passwords for about 250,000 users, the company said Friday.
Twitter said unusual access patterns
led it to identify the attacks, which took place during the past week.
"We discovered one live attack
and were able to shut it down in process moments later. However,
our investigation has thus far indicated that the attackers may have had access
to limited user information -- usernames, email addresses, session tokens and
encrypted/salted versions of passwords -- for approximately 250,000
users," Twitter Director of Information Security Bob Lord said in a blog post.
Twitter reset the passwords and
revoked session tokens for the accounts, and said it was emailing the affected
users Friday and telling them to reset their passwords.
Twitter
password tips
Twitter urged all its users to
ensure they are using strong passwords on Twitter and elsewhere on the
Internet. Passwords should be at least 10 characters and use a mix of upper-
and lowercase letters, as well as numbers and symbols, the site said.
"Using the same password for
multiple online accounts significantly increases your odds of being
compromised," Twitter said. "If you are not using good password
hygiene, take a moment now to change your Twitter passwords."
For extra safety PC Advisor recommends you reset
your Twitter password from within Twitter rather than via any email, in case
these emails are now being spoofed. Follow PC Advisor on Twitter.
There have been reports that
phishers have already started sending out fake Twitter emails encouraging
people to give up their Twitter passwords.
We therefore recommend that you
don't click on links in emails (however official looking) asking you to change
your Twitter password. Go directly to the Twitter site,
log in as normal, and change your password there.
The password should contain numbers,
punctuation, and upper- and lower-case letters. It shouldn’t include anything
likely to be found in a dictionary or a common name.
Longer is better. A 15-character
password could be 90 times harder to crack than a 14-character one.
“Create a formula that you'll
remember but no one else could guess. For instance, you could use the name of
your alma mater, spelled backwards, capitalizing every letter that rhymes with
the word tree, followed by your phone number typed while
holding down SHIFT (to get punctuation), and ending with the year you were
born, squared,” writes PCWorld’s Lincoln Spector.
Keep in mind your passwords should
never include any personal information, because any novice hacker can easily
find out your full name, the names of your spouse or children, your pets, or
your favourite sports teams.
It’s also important to use a
different password for various sites - never use the same password twice,
advises Christina DesMarais.
Sophisticated
attack
"This attack was not the work
of amateurs, and we do not believe it was an isolated incident," the
company said in its post.
It noted that The New York Times and
The Wall Street Journal also said they'd been targeted by hackers this week. Those companies
said the attacks originated in China, but Twitter did not point to a country of
origin.
Twitter said it thinks other
companies and organizations have recently been similarly attacked.
The company said it was still
gathering information about the attacks and is working with federal law
enforcement agencies to prosecute the attackers.
No comments:
Post a Comment