Just a short time ago Twitter posted about a security threat that may have given hackers access to over 250,000 users. The attack, which follows a string of recent attacks on U.S. websites such as The New York Times and Wall Street Journal, have forced the social media giant to take action to protect its users.
This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/saltedversions of passwords – for approximately 250,000 users.
As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.
Twitter believes the attack was carried out by very savvy individuals and does not believe it to be an isolated incident. While the company has not completed its investigation it announced the attack because of its severity and the belief that other websites may also be impacted.
If you were impacted Twitter suggests creating a strong password that isn’t utilized across multiple accounts. The password should be at least 10 characters, with a mixture of upper- and lowercase letters, numbers, and symbols.
The story is still developing, but users should be on the look out for the mentioned emails and as a safety precaution update their passwords.