Did you get a rather ominous sounding email from Twitter today? If so, you are not alone. Twitter sent out email today to users whom it felt may have been affected by the unauthorized attempts to access Twitter user data. I first heard of this because my husband received one of these scary sounding emails. Shortly after he dealt with it, a few of his friends on Twitter mentioned that they got the email, too.
There is a post on the Twitter Blog called “Keeping Our Users Secure”. It says:
This week, we detected unusual access patterns that led us to identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens, and encrypted/salted versions of passwords – for approximately 250,000 users.
If one of the 250,000 was you, then Twitter either already has sent you an email about it, (or will be doing so shortly). The social media company suggests that affected users change their password. There are details about what Twitter considers the characteristics of a strong password to include on their blog.
Twitter also repeats the advisory from the United States Department of Homeland Security that encourages users to disable Java on their browsers. Twitter does not specifically state who the attack came from, but it does say this:
This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.