The information security community is still commenting on the cyber attacks against U.S. media companies, and here is another clamorous piece of news this February weekend!

In the wake of the admissions made by The New York Times and The Wall Street Journal, Twitter has revealed in a blog post that, over the last week, it detected unusual access patterns that led it to identify unauthorized access attempts to some user data. They even discovered, and were able to shut down, one live attack, but their effort did not prevent the attackers from accessing user information for 250,000 users. The compromised data for the affected users includes usernames, email addresses, session tokens and encrypted/salted passwords.

As a precautionary security measure, the social network has reset the passwords and revoked the session tokens for the affected accounts. The impacted users would have received (or will soon receive) an email, notifying them to create a new password.

This is not the first time that a major social network has been hacked: in June 2012 LinkedIn had 6.5 million accounts compromised.

The problem is that our online experience is getting harder and harder: counting (and immediately patching) all the exploitable 0-day vulnerabilities of the browsers and their components is increasingly difficult (see the Java saga for example), and apparently even protection technologies are not so useful

This Post Has 6 Comments

  1. Ava

    It's sad that end users are the ones that are greatly compromised by this, since some have in their accounts personal information and details they do not want the public to have. On the other hand, hopefully companies that host social networking sites should have more precautionary measures for combating attacks like this.

    Hope that this will be resolved soon.

  2. Glamis

    The sad thing here is that neither Twitter nor LinkedIn has a two-factor authentication feature…

    So they may work a little more to “keep our users secure”…. :-/
