The good news is hackers got away with usernames, session tokens and hashed passwords from 250,000 accounts. GOOD NEWS??? Well, it was good news in that Twitter detected access patterns that showed it was being hacked and shut down the attack while it was in progress. So you could say the good news is that there could’ve been worse news.
As a precaution, Twitter says it shut down those affected session tokens and has reset the hacked accounts.
Venturebeat.com quotes Twitter director of information security Bob Lord saying, “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information.”
By discussing the attack almost as it is happening, Twitter’s actions are unusual. Companies generally are mum so they won’t tip off the hackers or disrupt an ongoing investigation. However, Meghan Kelly on venturebeat.com notes, “In the wake of both The New York Times and the Wall Street Journal admitting to hacks, it seems now is not the time to keep quiet.”
Lord went on to say that Twitter is “helping government and federal law enforcement in their effort to find and prosecute these attackers.” He also advised people to turn off Java because of the recently discovered exploit that allows cybercriminals to stealthily install malware on their computers when users visited compromised Websites.
Twitter says users who learn their accounts have been compromised will have to reset their passwords because they will no longer have access to their accounts as they currently stand.