Last Updated on May 24, 2015
The Information Security Community is still commenting the Cyber Attacks against U.S. media companies and here it is another clamorous news in this February Weekend!
On the wake of the admissions made by The New York Times and The Wall Street Journal, Twitter has revelaed in a blog post, to have detected, over the last week, unusual access patterns that led to identify unauthorized access attempts to some user data. They even discovered, and were able to shut down, one live attack, but their effort did not prevent the attackers to access user information for 250,000 users. The compromised data for the affected users includes : usernames, email addresses, session tokens and encrypted/salted passwords.
As a precautionary security measure, the social network has reset the passwords and revoked the session tokens for the affected accounts. The impacted users would have received (or will soon receive) an email, notifying them to create a new password.
This is not the first time that a primary social network is hacked: on June 2012 LinkedIn had 6.5 million accounts compromised.
The problem is that our online experience is getting harder and harder: counting (and immediately patching) all the exploitable 0-day vulnerabilities of the browsers and their components is getting harder and harder (see the Java saga for example), and apparently even protection technologies are not so useful…
This Post Has 6 Comments
Pingback: After Twitter and Facebook, Apple reveals to have suffered the same Cyber Attack « Hackmageddon.com
Pingback: 1-16 February 2013 Cyber Attacks Timeline « Hackmageddon.com
Pingback: Facebook Admits to Have Been Hit By a Sophisticated Targeted Attack « Hackmageddon.com
Pingback: Qualche nota sull’attacco a Twitter | Glamis on Security
Its sad that end users are the one’s that is greatly compromised by this. Since some has their accounts personal infomations and details they do not want the public to have, on the other hand hopefully companies that host social networking sites should have more precautionary measures on combating attacks like this.
Hope that this will be resolved soon.
The sad thing here is that neither Twitter nor LinkedIn has a two-factor authentication feature…
So they may work a little more to “keep our users secure”…. :-/