Late on Friday, Twitter announced a possible exploit that could have affected approximately 250,000 accounts. According to Mashable, affected users should have received, or will receive, a notification from Twitter informing them of a password reset.
Twitter made the announcement at approximately 4 p.m. in a blog post entitled "Keeping our users secure".
"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," wrote Bob Lord, Director of Information Security. "We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users."
The company also indicated that it reset passwords and "revoked session tokens" for those user accounts which may have been impacted by a security breach. Affected users are being sent notification emails to inform them of the password reset and prompt these users to create a new password.
"Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet," Lord said, providing some tips for strong passwords.
The company noted the recent attacks in major media outlets, such as the New York Times and Wall Street Journal; it also noted the recent Java exploit.
As this news unfolds, Twitter has noted that the investigation is ongoing; the company believes this is not an isolated incident. The company also said the current attack on Twitter is "not the work of amateurs".