So I was having a nice relaxing Friday evening when I happened to check my email. And what should I find in my mailbox … but a nice little message from Twitter. It noted that my account may have been hacked and that I needed to reset my password. Wonder if this is just another case of “me too,” following the recent big-media New York Times and Wall Street Journal hacks earlier this week?
Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.
You’ll need to create a new password for your Twitter account. You can select a new password at this link: https://scrubbed.for.your.protection.com
As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password
Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).
In general, be sure to:
- Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
- Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
- Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.
For more information, visit our help page for hacked or compromised accounts.
The Twitter Team
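The first bullet in that email, checking that the address bar really is on https://twitter.com, is harder than it sounds once attackers pick lookalike hosts. Below is an added example of my own (not Twitter's code, not part of their email) that applies the rule to a set of constructed sample links, including the userinfo, subdomain and homoglyph tricks that a quick glance at a URL misses; the function names are mine.

```python
"""Decide whether a link genuinely points at https://twitter.com, the check
Twitter's email asks users to make. Added example, not from the original post."""
from urllib.parse import urlsplit

TRUSTED_HOST = "twitter.com"


def check_link(url):
    """Return (ok, reason). ok is True only for an https URL whose host is
    twitter.com or one of its subdomains; every rejection explains itself."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False, f"scheme is {parts.scheme or 'missing'!r}, not https"
    host = parts.hostname  # lowercased, with userinfo and port stripped
    if not host:
        return False, "no hostname"
    if "@" in parts.netloc:
        # https://twitter.com@evil.example/ shows twitter.com but connects elsewhere
        return False, f"userinfo hides the real host {host!r}"
    if not host.isascii():
        # Unicode lookalike letters (homoglyphs) are never the real twitter.com
        return False, f"non-ASCII hostname {host!r}"
    if host == TRUSTED_HOST or host.endswith("." + TRUSTED_HOST):
        return True, f"host {host!r} is {TRUSTED_HOST} or a subdomain"
    # twitter.com.evil.example, twiter.com and evil.example/twitter.com land here
    return False, f"host {host!r} is not {TRUSTED_HOST}"


def audit_links(urls):
    """Map each URL to its verdict so a whole mail's links can be reviewed at once."""
    return {u: check_link(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample links of the kinds a phishing mail mixes with real ones.
    SAMPLES = [
        "https://twitter.com/account/resend_password",
        "https://twitter.com/settings/applications",
        "http://twitter.com/login",
        "https://twitter.com.evil.example/login",
        "https://twitter.com@evil.example/login",
        "https://twiter.com/login",
        "https://evil.example/twitter.com/login",
    ]
    for url, (ok, reason) in audit_links(SAMPLES).items():
        print("OK  " if ok else "WARN", url, "-", reason)
```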
I pinged the twitters (ironically) and it seems others also received the same message. Here are some helpful responses and links I received.
grecs: Did Twitter just get hacked? Got an email asking me to reset my password… Anyone else?
For the official word … we need to head over to Twitter’s blog post, ironically titled “Keeping Our Users Secure.” In this article they state that attackers may have had access to “usernames, email addresses, session tokens and encrypted/salted versions of passwords” for over 250,000 accounts. Of course, throughout the post they seem to be shifting blame toward users with weak passwords and “extremely sophisticated” attackers. To a certain extent they have a point, though perhaps the focus should be on their employees rather than their users.
Just a few predictions…
Related to the “extremely sophisticated” bit, the attack will have been nothing more than a simple phishing email with a malicious attachment or link to a malware-laden website. Some poor Twitter employee fell for it – there’s always someone in every organization – and from there the attackers established a beachhead from which to mount an attack against the rest of the Twitter infrastructure.
From the breached machine, the attackers grabbed the hashed credentials from the local workstation and attempted to crack them. With the permissions of that compromised user, the hashes they could “pass,” and the cracked passwords, they progressed into other areas of the Twitter infrastructure and at some point discovered an old backup of “usernames, email addresses, session tokens and encrypted/salted versions of passwords.”
The attackers next migrated the old backup and any other data they discovered back to the beachhead they had established. There they rarred up all the contents into several password protected compressed files, and exfiltrated them back through a series of compromised New York Times, Wall Street Journal, and other hosts they had pivoted through … and finally back to … duh duh duh … China. And of course this will all be confirmed through an excruciatingly detailed Mandiant report that probably most of us will never see…
Also, phishers will take advantage of this breach by sending emails claiming to be from Twitter with instructions related to this incident. Click on that link or open that attachment and your organization may be the next company to make the headlines…
What’s your prediction for how the attack played out? Let us know in the comments below. Today’s post pic is from BartVPN.com. See ya!