Twitter, a very popular online social networking becomes the latest victim of cyber-attacks. Twitter, confirmed on Friday that hackers gained access to information of nearly 250 million users across the world.
"We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information -- usernames, email addresses, session tokens and encrypted/salted versions of passwords -- for approximately 250,000 users," Twitter Director of Information Security Bob Lord said in a blog post.
Twitter resets the password of all the affected accounts and mailed to the affected users, asked them to reset their password. According to Company, "This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," the blog said. "For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."
Ashkan Soltani, an independent privacy and security researcher, told Associated Press such a move would give attackers "a toehold" in Twitter's internal network, potentially allowing them either to sniff out user information as it traveled across the company's system or break into specific areas, such as the authentication servers that process users' passwords.
He said that the relatively small number of users affected suggested either that attackers were not on the network long or that they were only able to compromise a subset of the company's servers.
Bob Lord, Twitter's director of security, said: "We encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the internet.
"Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols."
