Social media giant Twitter is the latest victim of an internet security attack.
The San Francisco-based company now joins the likes of the New York Times and Wall Street Journal, which have also reported breaches of their systems within the last two weeks.
‘Unusual access patterns’ were detected by staff at Twitter which led to them identifying unauthorized access attempts to Twitter user data.
Not an isolated incident
It is thought the attackers may have accessed usernames, email addresses, session tokens and encrypted/salted versions of passwords for about 250,000 users.
“This attack was not the work of amateurs and we do not believe it was an isolated incident,” a Twitter spokesman said.
“The attackers were extremely sophisticated and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information.”
As a precautionary security measure, Twitter has reset passwords and revoked session tokens for certain accounts.
The hunt for attackers
Those affected will find their old password invalid and would have received an email from Twitter, or soon will, asking them to create a new password.
Twitter is now helping government and federal law enforcement in their effort to find and prosecute the attackers.
“Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the internet,” a Twitter spokesman added.
Bosses at Twitter have also echoed the advisory from the US Department of Homeland Security, and are encouraging users to disable Java in their browsers.
Last week The New York Times said that over the last four months, Chinese hackers have ‘persistently’ attacked the newspaper by infiltrating its computer systems and getting passwords for its reporters and other employees.
The Times uses Symantec, the world’s biggest antivirus-software maker, but even Symantec said ‘antivirus software alone is not enough’ to protect companies against cyber-attacks.
A Symantec spokesman said: “Turning on only the signature-based antivirus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats.
“We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Antivirus software alone is not enough.”
The Wall Street Journal reported that Chinese hackers, believed to have government links, had been conducting wide-ranging electronic surveillance of media companies, including The Wall Street Journal, apparently to spy on reporters covering China and other issues.
Bloomberg, which had been blocked in China for its China coverage, also reported that hackers had attacked it, but did not succeed in gaining entry.