Twitter Hacked – 250K accounts may have been compromised

Today Twitter announced that it has detected suspicious patterns related to unauthorized attempts to access Twitter user data. In a nutshell, hackers breached Twitter this week and may have obtained access to authentication credentials and other information for as many as 250,000 user accounts.

Bob Lord, Director of Information Security at Twitter, wrote in a blog post:

“We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”

Twitter responded promptly to the incident, first disclosing the breach to protect its users, then resetting passwords and revoking session tokens for the compromised accounts.

“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”

Who is behind the attack?

According to Twitter’s security experts there is no doubt that this was a structured cyber attack conducted by professionals. Bob Lord commented:

“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”

No detailed information on the attack is available, and neither the extent of the data exposed nor which Twitter systems were compromised is clear. Twitter’s blog post indicates that the attackers exploited a zero-day vulnerability in Oracle’s Java software.

Of course, many assumptions are circulating on the Internet. The most interesting one suggests that the principal press agencies and social media platforms are being targeted by state-sponsored offensives for cyber espionage purposes.

Social media platforms manage a huge quantity of information, which is why they are a privileged target for hackers. Following the revelation of the attacks on the New York Times network, Chinese hackers seem to be the prime suspects.

We must be aware that the frequency of similar attacks will increase over time. US Secretary of State Hillary Clinton said on Thursday that there has been an increase in hacking attacks on both state institutions and private companies, so a different security approach is needed to defend cyber assets.

Bob Lord also invited Twitter users to adopt an effective password policy:

“we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.”

Pierluigi Paganini