Twitter Hacked: 250,000 Accounts Compromised
A lot of US companies, particularly media companies, seem to have been attacked recently. The past year's run of attacks has hit the New York Times, the Wall Street Journal and even the Washington Post. Now it looks like Twitter has suffered a compromise affecting approximately 250,000 accounts.
Bob Lord, Director of Information Security at Twitter, stated that for the compromised accounts the data at risk includes usernames, email addresses, session tokens and encrypted/salted passwords:
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
Twitter has reset the passwords and session tokens for the accounts that were compromised. How do you know if your account is one of them?
Bob Lord's post closes with the following: “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
We'd agree with him; it had to be pretty darn sophisticated. Even though 250,000 is a small number compared to Twitter's extremely large userbase, statistically speaking it is still a lot of accounts. No doubt about that.
Read more about this on the Twitter blog.
The Damage Swell of Saudi Aramco Attack
The New York Times reported on the damage caused by the attack on Saudi Aramco, a Saudi Arabian oil firm. The article blamed Iran for the attack and offered supporting evidence, stating the following:
That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.
United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.
Intelligence officials are also still investigating the nature of the RasGas hack, because it is related to the Aramco attack, which involved malware called Shamoon.
The investigations into Saudi Aramco and RasGas, Qatar's top natural gas firm, are converging. Most of this year's cyberattacks on energy companies have been aimed at erasing data on their computers. More updates to come.
Related articles
- How hackers attacked Saudi oil company’s computers (seattletimes.com)
- US Increasingly Convinced Iran Behind Attack On Saudi Aramco (techweekeurope.co.uk)
- Shamoon Virus that Attacked Saudi Aramco is the Most Dangerous to Date (oilprice.com)
Facebook Given Short Notice to Stop Breaching Privacy
A consumer group in Germany has alleged that the Facebook App Center violates privacy laws.
According to the Washington Post, the Federation of German Consumer Organisations has given Facebook one week to stop automatically giving user information to third-party applications without explicit consent.
Facebook may face legal action if the privacy flaws are not fixed by September 4, 2012.
According to the New York Times about two weeks ago, “The company’s use of analytic software to compile photographic archives of human faces, based on photos uploaded by Facebook’s members, has been problematic in Europe, where data protection laws require people to give their explicit consent to the practice.”
Officials say this investigation and the alleged violations are related to the Google Street View investigation, and that similar action can be taken, if necessary, to resolve the problem.
Some speculate that the App Center was put in place to help Facebook's mobile market and increase revenue for the company. Competing against the Apple and Android stores, it is trying to gain attention quickly as an app store in its own right.
What makes governments and privacy experts nervous is that Facebook makes features opt-out instead of opt-in: new, potentially problematic features are turned on by default. This places too much of the burden on the user and gives Facebook an unfair advantage.
Related articles
- Facebook given one week to stop breaching privacy laws (nakedsecurity.sophos.com)
- German consumer group sets Facebook privacy ultimatum (reuters.com)
- Facebook’s new app bazaar ‘violates’ punters’ privacy – lobbyists (go.theregister.com)