Social media giant Twitter is among the latest U.S. companies to report that it is among a growing list of victims of Internet security attacks, saying that hackers may have gained access to information on 250,000 of its more than 200 million active users.
And now, The Washington Post is joining the chorus, revealing the discovery of a sophisticated cyberattack in 2011.
Twitter, the microblogging service, said it was subjected to unauthorized attempts to hack into its systems.
While San Francisco-based Twitter didn’t identify the source of the attack, it called the perpetrators “extremely sophisticated,” adding Friday that “we believe other companies and organizations have also been recently similarly attacked” in a blog post.
The New York Times Co. reported on Jan. 30 that its computer network was attacked repeatedly by Chinese hackers. The Wall Street Journal also detailed similar attacks on its systems, while Bloomberg LP, the parent of Bloomberg News, said there have been unsuccessful attempts to infiltrate its network.
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data,” Twitter said in a blog posting yesterday. “We discovered one live attack and were able to shut it down in process moments later.”
The company said it reset passwords for affected accounts, and it is getting in touch via e-mail with those with accounts that were breached.
Twitter was the target of a so-called denial-of-service attack in 2009, along with Facebook Inc. and LiveJournal Inc.
Twitter said in a blog post it shut down one attack moments after it was detected.
On Friday, The Washington Post disclosed in an article published on its website that it was also the target of a sophisticated cyberattack, which was discovered in 2011 and was first reported by an independent cybersecurity blog. Washington Post spokeswoman, Kris Coratti, didn’t offer any details including the duration of the attack or the origins. But according to sources that the newspaper quoted, who it said spoke on condition of anonymity, the intruders gained access as early as 2008 or 2009. According to the sources, Chinese hackers are also suspected.
Coratti couldn’t be reached immediately for comment by The Associated Press. According to her comments made to the newspaper, the company worked with security company Mandiant to “detect, investigate and remediate the situation promptly at the end of 2011.”
China has been accused of mounting a widespread, aggressive cyber-spying campaign for several years, trying to steal classified information and corporate secrets and to intimidate critics. The Chinese foreign ministry could not be reached for comment Saturday, but the Chinese government has said those accusations are baseless and that China itself is a victim of cyberattacks.
Twitter didn’t provide any clues as to whether it believes that China was behind its hack. However, the blog post by the company’s director of information security, Bob Lord, made clear that the hackers knew what they were doing. Lord said in the blog that the attack “was not the work of amateurs, and we do not believe it was an isolated incident.”
“The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked,” Lord said. “For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
Reached on Saturday, Twitter spokesman Jim Prosser had no further comment.
Based on the few details released about the Twitter and Washington Post attacks it’s hard to say whether Chinese hackers were involved, said Rich Mogull, CEO of Securosis, an independent security research and advisory firm. There are certain pieces of malicious software that are characteristic to Chinese hackers, he said, but “the problem is not enough has been made public.”
One theory is that the Twitter hack happened after an employee’s home or work computer was compromised through vulnerabilities in Java, a commonly used computing language whose weaknesses have been well publicized. Independent privacy and security researcher Ashkan Soltani said such a move would give attackers “a toehold” in Twitter’s internal network, potentially allowing them either to sniff out user information as it traveled across the company’s system or break into specific areas, such as the authentication servers that process users’ passwords.
The relatively small number of users affected suggests that attackers weren’t on the network long or that they were only able to compromise a subset of the company’s servers, Soltani said.
Twitter is generally used to broadcast messages to the public, so the hack might not immediately have yielded any important secrets. But the stolen credentials could be used to eavesdrop on private messages or track which Internet address a user is posting from.
That might be useful, for example, for an authoritarian regime trying to keep tabs on a journalist’s movements.
“More realistically, someone could use that as an entry point into another service,” Soltani said, noting that since few people bother using different passwords for different services, a password stolen from Twitter might be just as handy for reading a journalist’s emails.
(The AP and Bloomberg contributed to this report.)
