What better time to drop some really bad and embarrassing news than late on a Friday afternoon, as everyone is heading out the door?
So it was with social media giant Twitter, which dropped a bombshell late Friday, revealing that it had been compromised in an “extremely sophisticated” attack that yielded the account credentials for around 250,000 users.
A blog post by Twitter Security Team member Bob Lord on Friday said that the company has been investigating the breach all week long, after detecting unusual patterns of account access across its network.
After stopping an attack that was in progress, the company’s investigation revealed that the attackers “may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users,” Lord wrote.
Twitter did not discuss the circumstances of the breach, but reiterated guidance from the U.S. Department of Homeland Security for users to disable Java in their web browsers, given the recent spate of critical security holes and active exploits targeting that platform.
Twitter declined to speculate about the source of the attack, but said it believed it was not an isolated incident and that “other companies and organizations have also been recently similarly attacked.” It’s not known whether that is a reference to the string of attacks on western media outlets including The New York Times, Wall Street Journal and Washington Post, or a reference to other social networking sites.