Twitter urges its users to rely on strong passwords
There's been a string of high-profile hacks lately, a string of reveals actually since the hacks took place over a long period of time. The latest to the list is Twitter which has revealed that it detected and stopped an attack as it took place recently, but it was enough time for the attackers to get away with some data.250,000 users were affected, so the problem is widespread. However, the attackers were only able to get access to usernames, email addresses, session tokens and the encrypted passwords.
What this means is that hackers didn't get direct access to the accounts. Still, encrypted passwords, even salted ones like Twitter uses, can be broken.
It's not easy, but it's not impossible, especially if you have enough resources like the supercomputers the US, China and many others are building.
Twitter warned that the attackers weren't amateurs and that this was a highly orchestrated attack. It didn't go any further than that, but the hint was that this was the work of government hackers. Which government, is another question.
Even if the accounts were not breached, Twitter did reset the passwords of all 250,000 accounts so if you're prompted to change your password the next time you try to log into Twitter, you'll know why.
Twitter's Bob Lord, director of information security, encouraged all users to create strong passwords for Twitter, not share them with any other sites and generally take the regular precautions.
He also urged people to disable Java in their browsers unless they really need it. While there was no mention of how the attackers were able to break into Twitter, he mentioned Java twice in the blog post.
Firefox recently announced that it would be blocking all plugins, including Java, by default, leaving it to the users to enable them when they need to.