Twitter: Hackers target 250,000 users

 

The BBC's technology correspondent Rory Cellan-Jones is one of those affected

Related Stories

A quarter of a million Twitter users have had their accounts compromised in the latest of a string of high-profile internet security breaches.

Twitter's information security director Bob Lord said about 250,000 users' passwords had been stolen, as well as usernames, emails and other data.

Affected users have had passwords invalidated and have been sent emails informing them.

Mr Lord said the attack "was not the work of amateurs".

He said it appeared similar to recent attacks on the New York Times and the Wall Street Journal.

The US newspapers reported that their computer systems had been breached by China-based hackers.

'Not isolated'

Twitter has 200 million active users.

Start Quote

There is still little information about the nature of the attack or why just one small section of users is in danger”

End Quote

Mr Lord said in a blog post Twitter had discovered unauthorised attempts to access data held by the website, including one attack that was identified and stopped moments after it was detected.

"This attack was not the work of amateurs, and we do not believe it was an isolated incident," he wrote.

Mr Lord did not say who had carried out the attack, but added: "The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked."

"For that reason we felt that it was important to publicise this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the internet safer for all users."

Internet security specialist Graham Cluley warned Twitter's announcement that emails would be sent to users may prompt a spate of spam emails "phishing" for sensitive information.

He says people should be cautious about opening emails which appear to be from Twitter.

Analysis

The biggest worry for most of Twitter's 200 million active users is not this attack per se, but the additional new "phishing" scams the attack has already inspired.

Since Twitter users now know to be on the lookout for emails asking them to change their passwords, criminals are sending out very similar messages.

If users click on the links in those they risk - once again - having their account hacked.

Don't click on links in emails asking you to change your password.

Go directly to the web site, log in normally, and change it using the instructions without clicking on email links.

"You have to be careful if you get hold of one of these emails because, of course, it could equally be a phishing attack - it could be someone pretending to be Twitter.

"So, log into the Twitter site as normal and try and log in to your account and, if there's a problem, that's when you actually have to try and reset your password."

Another expert in online security, Professor Alan Woodward from the University of Surrey, warned users to be wary of messages sent them by the hackers via Twitter itself.

"They can then send what's called direct messages," he said. "They can put malicious links in those."

"It really looks like it's coming from someone you know and you might respond to it, you'd go to the site and all of a sudden you find that actually you've got some malware on your machine which is then stealing your bank details or whatever."

On Thursday the New York Times linked the attack to a story it published alleging relatives of Premier Wen Jiabao controlled assets worth billions of dollars.

China's foreign ministry dismissed the New York Times' accusations as "groundless" and "totally irresponsible".

 

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

Comments

This entry is now closed for comments

Jump to comments pagination
 
  • rate this
    +1

    Comment number 171.

    250K is not a huge number in this kind of hack but it does highlight some issues users will have such as having the same password across accounts - this hack would mean all passwords for those users need to be changed. So this is newsworthy from the view point of highlighting security issues both in passwords and technologically for twitter and the net

  • rate this
    +11

    Comment number 127.

    Let's say someone hacks my Twitter account. OK, it's a pain, but the end of the world? Not if I have used different credentials to my 'important stuff'.

  • rate this
    +7

    Comment number 88.

    Why are there people here who down on people who use Twitter? You all have email. It amounts to the same thing: technology used to speed up interface between you and others.

    I'm sure if your email was hacked you'd feel violated, even if you didn't have any bank details to be stolen. Still intruding on your life.

    So, yes, I think the intrusion of the lives of 250,000 people is news-worthy.

  • rate this
    +3

    Comment number 72.

    I think a lot of people are nieve to how money can be made on the internet. This attack is at least an easy way to direct others to sites thus earning certain people huge amounts of money. It's the same trick as 'Viagra' emails and all other types of spam.... traffic = money.

  • rate this
    -1

    Comment number 38.

    Just serves as a reminder to everyone never to use or give real information, let alone the same password across accounts on line. Never use the likes of Twitter or Facebook

 

Comments 5 of 6

 

More Technology stories

RSS

Features & Analysis

  • Cerro RicoSatanic mines

    Devil worship in the tunnels of the man-eating mountain


  • Nefertiti MenoeWar of words

    The woman who sparked a row over 'speaking white'


  • Oil pumpPump change

    What would ending the US oil export ban do to petrol prices?


  • Brazilian Scene, Ceara, in 1893Sir Snapshot

    19th Century Brazil seen through the eyes of an Englishman


BBC Future

(Getty Images)

Is it time to leave planet Earth?

How humans could inhabit the solar system Read more...

Programmes

  • Prof Piot, the first person to indentify Ebola virusHARDtalk Watch

    Ebola expert warns travellers could spread the disease further if it is not contained

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.