Anonymous hackers were able to gain access to around 250,000 accounts on the social networking site, including usernames, email addresses and passwords.
Twitter announced on Friday it had detected unusual access patterns across the network and had identified unauthorized attempts to access user data that had led to accounts being compromised. Twitter says:
As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.
Bob Lord, Twitter’s director of information security, said the attack was “not the work of amateurs” and the company did not believe it was an isolated incident.
“Our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users,” Lord said. “As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
The attack on Twitter is the latest in a string of high-profile security breaches on US technology and media companies. Both the Wall Street Journal and the New York Times have had their sites hacked in the last two weeks and Apple and Mozilla have turned off Java by default in their browsers to minimize the risk.
Privately held Twitter, which has 200 million active monthly users, said it was working with government and federal law enforcement officials to track down the attackers.
Twitter users who have had their accounts breached will have to reset their passwords before they will have access to the site.