Is Your Account Safe?
The media and technology companies of the United States of America have recently been experiencing a spate of cyber attacks. Recently, the New York Times, Wall Street Journal and the Washington Post were compromised by Chinese hackers. The latest victim is Twitter, but who it was hacked by remains unknown.
On Friday, the first of this month, Twitter confirmed that 2,50,000 of its two million accounts had possibly been hacked. Even though that only makes 12.5 percent of its total user base, it is the biggest security breach the social networking site has faced yet.
Twitter explains precisely what happened on its blog:
According to an expert, “the Twitter hack probably happened after an employee’s home or work computer was compromised through vulnerability in Java.” For those of you who didn’t know, Java is a commonly used computing language whose weaknesses have been well publicized.
The attack has been controlled; Twitter reset the passwords of the hacked accounts and emailed the users, asking them to change their passwords. They also took the incident as an opportunity to warn their users to set strong passwords, using ten or more alphanumeric characters, both in upper and lower cases, as well as other symbols to make strong passwords.
According to Bob Lord, Twitter’s Director of security, “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
It is believed that “the relatively small number of users affected suggested either that the attackers weren’t on the network long or that they were only able to compromise a subset of the company’s servers.” These were the words of Ashkan Soltani, an independent privacy and security researcher.
Twitter also advocates listening to the U.S Homeland Security when they advise users to disable Java on their browsers. In fact, Apple and Mozilla have turned off Java by default on their browsers Safari and Firefox respectively.
So, what are the implications of this attack?
Well, considering this is Twitter, where messages are broadcasted publically, there is a lesser amount of personal data that’s been spilled out in comparison to what would have happened if a website like Facebook had been hacked, but even then, the passwords and email ids being given out could pose a threat. As most users on the Internet use the same password for most of their accounts, be it email or other websites, access keys have been spilled. For this reason, users are advised to keep different passwords on their various accounts.
It is believed that this data mainly will be used to compromise journalists. Perhaps this theory has something to do with the fact that important American newspapers were also hacked.
However, the weird thing is that the hackers posted very weird stuff from people’s Twitter accounts. Special emphasis was laid on weight loss tips.
Apart from that, it seems that a lot of “Did you see this pic of you?” Direct Messages were circulated from hacked accounts.
This is what befuddles me the most. Why would a professional hacker waste his or her time and energy to hack so many Twitter accounts, only to circulate such silly messages?
Oh well. People work in mysterious ways. Or maybe there’s an ulterior motive. Let’s see what happens now.
Image Courtesy [Sanya Sharma]