Twitter detects and shuts down password data hack in progress | Ars Technica
Twitter engineers shut down what they described as an “extremely sophisticated” hack attack on the company’s network that exposed the cryptographically protected password data and login tokens for 250,000 users.
In a blog post published late Friday afternoon, company officials said affected passwords and tokens have been reset and e-mails are in the process of being sent out to affected users. Twitter said it discovered the breach “earlier this week” and shut it down moments later.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” Bob Lord, Twitter’s director of information security, wrote. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
Lord also mentioned recent attacks on Oracle’s Java software framework for browsers, although he didn’t explain what it had to do with the attack on Twitter. He urged users to disable Java on their computers.
Twitter compared the timing of the breach to the recent widespread hacks of the New York Times and the Wall Street Journal, in which Chinese hackers gained access to the papers’ databases to track down information on journalists and their sources who were helping write stories critical of the family of China’s prime minister.
“[W]e detected unus