SAN FRANCISCO: In one of the biggest hacking attacks in recent times, social networking site Twitter was on Friday hacked compromising about a quarter of a million accounts of its more than 200 million active users.
Twitter said in a blog post that is has discovered that the attackers may have gained access to usernames, email addresses and encrypted passwords belonging to 250,000 users.
Meanwhile, Twitter has reset the pilfered passwords and sent emails advising users that they'll have to create a new one.
Twitter blog post also mentions that it had detected attempts to gain access to its user data in the recent times and when on to shut down one attack moments after it was detected.
"This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," the blog said. "For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."
The hack is the latest high-profile cyber-attack on US media and technology companies recently. The New York Times and The Wall Street Journal reported this week that their computer systems had been infiltrated by China-based hackers.
One expert said that the Twitter hack probably happened after an employee's home or work computer was compromised through a vulnerability in Java, a commonly-used computing language whose weaknesses have been well publicized.
Ashkan Soltani, an independent privacy and security researcher, said such a move would give attackers "a toehold" in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.
In a telephone interview Friday, Soltani said that the relatively limited number of users affected suggested either that attackers weren't on the network long or that they were only able to compromise a subset of the company's servers.