Twitter Suffers Compromise – Enterprise Attacks Continue

Looks like Twitter is the latest to get bit in the butt. They just put out the following on their blog:

This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

They go on to explain what they have done for those 250,000 accounts but not what they have done for all users. For that reason, we would encourage all Twitter users to follow the same precautionary steps they have done for those 250,000 users and change your own passwords as well. When wondering about passwords be sure to read our post on the password dilemma. Also don’t be fulled, if their environment is owned you can change it 150 times it won’t matter.

What you can do is start using password managers and unique passwords for each site. The last thing you want to do is use the password for your bank with your Twitter account. That’s just setting yourself up for a very bad day.

Good news though, this wasn’t the work of amateurs:

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.

Good riddance.

Scan your website for free:
About Tony Perez

Tony is the Co-Founder / CEO at Sucuri. He shares a deep passion for Information Security, Business and Brazilian JiuJitsu. He approaches the business the same as he trains BJJ, one move at a time and gently. You can follow him on twitter: @perezbox.