Late Friday afternoon, Twitter began notifying account holders that their account security had been compromised and their passwords had been changed. In an article posted to the official Twitter blog, Bob Lord, Director of Information Security, said that unusual access patterns led to a discovery of a live attack in progress. That attack was shut down immediately, but further investigation into the breach discovered hackers had already accessed sensitive user data.
The usernames, email addresses, session tokens and encrypted/salted versions of passwords for approximately 250,000 users had been accessed before Twitter could restore security.
According to Lord:
As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.
Although 250,000 accounts represent a small percentage of Twitter users, Lord further cautioned all devotees of the 140 character micro-blogging site to practice good “password hygiene.”
Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.
This is excellent advice not only for your Twitter account, but for EVERYTHING you log into online. In addition to the password protocols above, it is wise to change passwords on a regular basis. This will help further protect your personal data.
I still get spam Direct Messages (DMs) from Twitter users that have been hacked. Neglecting your social media accounts and letting them go dormant for too long is an open invitation to hackers. Keep them current. Take responsibility for your personal online security and take a few moments to update those passwords.
