Twitter becomes the latest US media giant to admit to being hacked, warning that the details of a quarter of a million users have been stolen. Technology Producer Geoff White explains.
In a blog post the social media website’s director of information security said the attack was “extremely sophisticated” and was part of an ongoing campaign.
Bob Lord said: “This attack was not the work of amateurs, and we do not believe it was an isolated incident. We believe other companies and organizations have also been recently similarly attacked.”
Details stolen include 250,000 usernames, email addresses and encrypted versions of passwords. However, Twitter's investigations are ongoing and the number of hacked accounts may rise.
Users affected will receive an email from Twitter requiring them to reset their password, and will be locked out of their account in the meantime (advice below).
Twitter’s acknowledgement comes just two days after the New York Times reported it had been the target of a four-month campaign which it blamed on the Chinese Government. The Chinese have denied any involvement.
The Wall Street Journal also admitted it had been the target of electronic surveillance, which it blamed on “Chinese hackers believed to have government links”.
However, there is no evidence currently to link the Twitter hack with the attacks on the two newspapers’ systems, and the methods of attack appear very different.
In the New York Times case, Mandiant, the security firm which investigated the breach, said it believed it was caused by a “spear phishing email” attack – a malicious email targeted at an employee.
The Twitter hack seems to have relied on a weakness in Java, a piece of software that makes parts of web pages operate. Twitter’s statement on the hack echoes US Government advice to internet users to disable Java immediately (advice below).
WHAT TO DO NOW:
Even if you are not told your account has been compromised, you might want to change your Twitter password. (For advice on setting a password go here. Remember: any word that's in the dictionary, or a permutation thereof, is a weak password).
Do not click on password change links in emails (they may be directing you to fake websites). Instead, go directly to www.twitter.com to change your password.
Disable Java, the software that runs some parts of webpages. For instructions, go here.