Twitter revealed on Friday night that its social network was hacked, and as many as 250,000 accounts were compromised in the process.
Bob Lord, director of information security for the San Francisco-based start-up, announced in a blog post Friday evening that the company had detected “unusual access patterns” earlier in the week.
Lord said that Twitter managed to shut down one hacking attempt while it was still in progress, but it nevertheless found that up to 250,000 accounts were compromised overall. The hackers gained access to such user information as Twitter handles, e-mail addresses, session tokens and encrypted passwords.
To prevent further damage or misuse of the hacked accounts, Twitter terminated the session tokens and reset passwords on the affected accounts. Lord said that affected users would receive an email notification and be required to change their password.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Lord continued. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information.”
The Twitter hack comes at the end of a week of high-profile hacks against U.S. companies like the New York Times Co. (NYSE:NYT) and News Corp. (NASDAQ:NWSA), whose flagship newspaper, the Wall Street Journal, revealed just a day earlier than Twitter that it was the victim of Chinese hackers.
“As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies,” Lord wrote. “Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers.”
Unlike the New York Times or Wall Street Journal hacks, however, Twitter did not reveal any information or knowledge that it might have about the identity or motivation of the hackers behind the recent attack on the social network.
Lord added that Twitter is now “helping government and federal law enforcement in their effort to find and prosecute these attackers.”
In the meantime, Twitter suggested that users adopt better security “hygiene” such as disabling Java plug-ins inside their Web browsers since the software is known to be particularly vulnerable to hacks.
To contact the editor, e-mail: