The famous social network announced today that it has detected a series of attempts to hack into user data.
While Twitter shut down one attack moments after it was discovered, the specialists soon admitted that the ‘extremely sophisticated’ hackers may have managed to access personal data belonging to 250,000 users.
Twitter’s director of information security, Bob Lord, explained in a post that the site has reset passwords and revoked session tokens for the accounts that may have been compromised, Mashable reports.
Mr Lord has not said who may be behind the attack, but gave assurances that the company is working with federal law enforcement to find and prosecute the attackers.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” he wrote.
“The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
The attack on Twitter comes soon after similar attacks on high-profile sites, including the New York Times and Wall Street Journal. The news organizations reported that evidence showed the attacks originated in China.
Those users who may have been affected will receive, if they haven’t yet, an email notifying them of the password reset.
“Twitter believes that your account may have been compromised by a website or service not associated with Twitter,” the notification email says. “We’ve reset your password to prevent others from accessing your account.”
In the wake of the hacker attacks, Twitter also recommended the U.S. Department of Homeland Security’s recent advisory on disabling Java, among other precautions.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” Twitter wrote.
“For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
Ashkan Soltani, an independent privacy and security researcher, predicted that this move would give attackers ‘a toehold’ in Twitter’s internal network.
Moreover, it would potentially allow hackers either to sniff out user data or even break into specific areas, such as the authentication servers that process users’ passwords, explains The Daily Mail.
In a recent interview Soltani said that “the relatively small number of users affected suggested either that attackers weren’t on the network long or that they were only able to compromise a subset of the company’s servers.”
Another expert in online security, Professor Alan Woodward from the University of Surrey, warned users to be wary of messages sent to them by the hackers via Twitter itself.
“They can then send what’s called direct messages,” he said. “They can put malicious links in those.”
“It really looks like it’s coming from someone you know and you might respond to it, you’d go to the site and all of a sudden you find that actually you’ve got some malware on your machine which is then stealing your bank details or whatever.”