Twitter, Washington Post Report Cyberattacks

Hack Revelations Follow Word of Attacks at Other Media Sites
Twitter, Washington Post Report Cyberattacks

Add Twitter and the Washington Post to media websites that have been breached in recent weeks.

See Also: Why Active Directory (AD) Protection Matters

Twitter detected unusual access patterns that led to it identifying unauthorized access attempts to the social network's user data, Bob Lord, Twitter manager of network security and infrastructure, wrote in a Twitter blog posted Feb. 1. Twitter said it discovered one live attack and shut it down almost immediately. But its investigation has indicated that the attackers may have had access to limited user information - usernames, e-mail addresses, session tokens and encrypted/salted versions of passwords - for some 250,000 users.

"As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts," Lord said.

Twitter's network security and infrastructure manager wrote that the attack was neither the work of amateurs, nor an isolated incident. "The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," Lord said. "For that reason, we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."

Also on Feb. 1, a Washington Post article said the Post website had been victimized by a sophisticated cyberattack targeted in an operation that resembled intrusions against The New York Times and Wall Street Journal and that company officials suspect was the work of Chinese hackers [see N.Y. Times' Transparent Hack Response].

"Like other companies in the news recently, we face cybersecurity threats," Post spokeswoman Kris Coratti said. "In this case, we worked with [security company] Mandiant to detect, investigate and remediate the situation promptly at the end of 2011. We have a number of security measures in place to guard against cyberattacks on an ongoing basis."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.