Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

If You Get a Tweet Saying Your Account’s Been Hacked…Believe It. 250,000 Twitter Accounts Compromised.

By ThreatMetrix

The good news is hackers got away with usernames, session tokens and hashed passwords from 250,000 accounts. GOOD NEWS??? Well, it was good news in that Twitter detected access patterns that showed it was being hacked and shut down the attack while it was in progress. So you could say the good news is that there could’ve been worse news.

As a precaution, Twitter says it shut down those affected session tokens and has reset the hacked accounts.

Venturebeat.com quotes Twitter director of information security Bob Lord saying, “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information.”

Twitter’s decision to discuss the attack almost as it is happening is unusual. Companies generally stay mum so they won’t tip off the hackers or disrupt an ongoing investigation. However, Meghan Kelly on venturebeat.com notes, “In the wake of both The New York Times and the Wall Street Journal admitting to hacks, it seems now is not the time to keep quiet.”

Lord went on to say that Twitter is “helping government and federal law enforcement in their effort to find and prosecute these attackers.” He also advised people to turn off Java because of the recently discovered exploit that allows cybercriminals to stealthily install malware on users’ computers when they visit compromised websites.

Twitter says users who learn their accounts have been compromised will have to reset their passwords because they will no longer have access to their accounts as they currently stand.
