LONDON: Around 250,000 Twitter users may have had their accounts compromised by computer hackers, Sky News reports.
The social networking site said usernames, email addresses and encrypted passwords may have been taken during an “extremely sophisticated” attack on its systems. It said one attack was shut down moments after it was detected, adding that the passwords of users who may have been affected had been reset.
In a blog posting, Bob Lord, director of information security at Twitter, said there had been “a recent uptick in large-scale security attacks aimed at US technology and media companies,” with the New York Times among those targeted.
He said: “Our investigation has indicated the attackers may have had access to limited user information — usernames, email addresses, session tokens and encrypted/salted versions of passwords — for approximately 250,000 users.
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. This attack was not the work of amateurs and we do not believe it was an isolated incident,” he added. “The attackers were extremely sophisticated and we believe other companies and organisations have also been recently similarly attacked.”
One expert said the hackers may have gained access through an employee’s home or work computer by exploiting vulnerabilities in Java, a widely used programming language.
Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers “a toehold” in Twitter’s internal network, potentially allowing them to track user information as it travelled across the company’s systems or break into specific areas, such as the authentication servers that process users’ passwords.