Social networking site Twitter has been hacked, with approximately 250,000 user accounts affected. Hackers managed to gain access to the usernames, e-mail addresses, session tokens, and encrypted and salted password hashes belonging to users of the service, something that the company is quickly trying to rectify.
One company blog post states that "unusual access patterns" were detected, leading the security team to identify attempts to access user data that were not authorized. One attack was shut down as it was taking place, allowing only a limited number of users to be affected. The 250,000 user figure represents less than one eighth of a percent of the current 200 million population of active users.
Affected users have had their passwords reset by Twitter, with all associated session tokens also revoked. E-mails have been sent out, alerting those that need to change their passwords, as old passwords will not allow access to the site.
Bob Lord, director of information security at Twitter, said it was not "the work of amateurs," and believes it not to be an isolated incident. "The attacks were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked." Though the post refers to the recent hacks of the New York Times and the Wall Street Journal in the last two weeks, as well as the Java security issues, the company draws the line at saying this hack is directly linked to them.