The social media site is unsure who is behind the attack but it has reset passwords for the hacked accounts.
Twitter users beware. Your account may be compromised.
A statement posted on the Twitter blog says that an investigation showed that attackers may have had access to usernames, email addresses, passwords and session tokens for approximately 250,000 users.
"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later." the company said in a blog post by their Information Security Director Rob Lord.
As a precaution, Twitter has reset passwords and revoked session tokens for the accounts that were hacked. Users of those accounts will also receive an email notifying them to create a new password.
"This attack was not the work of amateurs, and we do not believe it was an isolated incident," Lord's post said. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.
For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."
Lord's blog says that although only a very small percentage of Twitter users were potentially affected by the attack, everyone should be "following good password hygiene, on Twitter and elsewhere on the Internet":
- Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites.
- Using the same password for multiple online accounts significantly increases your odds of being compromised.
- If you are not using good password hygiene, take a moment now to change your Twitter passwords. For more information about making your Twitter and other Internet accounts more secure, read our Help Center documentation or the FTC’s guide on passwords.
- We also echo the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java on their computers. For instructions on how to disable Java, read this recent Slate article.
The New York Times and The Wall Street Journal recently announced that their systems had also been compromised by hackers. Both publications claimed that the hackers had targeted them for publishing investigative reports on Chinese officials.
Although Lord talks about the hacking that took place at the two publications in his blog post, he does not connect it directly to the Twitter incident.
MSN News on Facebook and Twitter
Stay up to date on breaking news and current events.
Friend us on Facebook: www.facebook.com/news.msn
Follow us on Twitter: www.twitter.com/msnnews