Twitter has confirmed that it has been hacked and sent emails to around 250,000 users to urge them to change their passwords.
In a detailed email sent and posted on its blog earlier today, the company says that “as a precautionary measure”, it had to reset passwords for some of its users after discovering that attackers “may have had access” to “username, email address and an encrypted/salted version of your password (not the actual letters and numbers in your password)”.
The email further hints at the identity of the attackers by saying that it was not the work of amateurs and that it may not have been an isolated event, referring to recent attacks by unknown hackers on the New York Times and Wall Street Journal.
Twitter says that the “attackers [sic] were extremely sophisticated” and believes that other companies and organisations might have also been attacked in a similar way. Interestingly enough, Twitter also included a paragraph that reiterates the need for users to disable Java in their browsers, following an advisory from the U.S. Department of Homeland Security.
Ironically, one can expect scammers and hackers to use this attack to blanket-bomb users with fake emails asking them to reset their Twitter accounts on fake or compromised websites.
The social networking website is estimated to have around half a billion registered users, with roughly 170 million of those being active.