As you may have heard, Twitter has been hacked and the passwords of some 250,000 accounts have been reset. If you want to check that your Twitter handle is not among those currently at risk, the Q&A below, prepared by our Research Dept., should be helpful!
Q: How can I find out if my account is one of those that have been affected?
Using only a web browser on a laptop or desktop (not mobile or tablet), go to Twitter.com, and try to log in with your usual password. If you can’t log in – it will say there’s a problem with your username or password – then you’ve been affected.
Q: I don’t have access to a laptop or desktop computer at this moment, am I likely to have been affected?
Probably, but only if you joined Twitter roughly in the first half of 2007. At that time it had a few million users. Most people joined after mid-2007, so on that basis you’re unlikely to have been affected.
Q: Twitter hasn’t emailed me anything and I can still tweet from 3rd party apps and my mobile. This means I’m OK, right?
Not really. The email from Twitter may have been filtered into your spam folder.
The reason why 3rd party apps & clients will still let you tweet is that Twitter doesn’t let them use your password. Instead, it uses “tokens” which are issued to the third-party programs, and authorise them to send tweets to Twitter’s database for redistribution to followers. The tokens weren’t revoked as part of the password reset; doing that would have meant that you’d have had to re-authorise all your apps, and for some apps Twitter has only made a limited number of tokens available.
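A minimal model of the behaviour described above, added here as an illustration and not Twitter's code (the class, the method names and the PBKDF2 parameters are assumptions). It shows why a password reset on its own leaves already-issued app tokens working, and what separate token revocation changes.

```python
import hashlib, hmac, os, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """Toy credential store, constructed for this example (not Twitter's design)."""
    def __init__(self):
        self.passwords = {}   # username -> (salt, salted hash)
        self.app_tokens = {}  # token -> (username, app name)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.passwords[user] = (salt, _hash(password, salt))

    def login(self, user, password):
        salt, stored = self.passwords[user]
        return hmac.compare_digest(stored, _hash(password, salt))

    def authorise_app(self, user, password, app):
        # The password is checked once, here; the app only ever holds the token.
        if not self.login(user, password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self.app_tokens[token] = (user, app)
        return token

    def tweet(self, token, text):
        # Token-only path: the stored password is never consulted.
        owner = self.app_tokens.get(token)
        return f"@{owner[0]} via {owner[1]}: {text}" if owner else None

    def reset_password(self, user):
        # Reset as the article describes it: new password, tokens untouched.
        self.set_password(user, secrets.token_urlsafe(16))

    def revoke_tokens(self, user):
        # The separate step that forces every app to be re-authorised.
        kept = {t: o for t, o in self.app_tokens.items() if o[0] != user}
        revoked, self.app_tokens = len(self.app_tokens) - len(kept), kept
        return revoked

def demo():
    store = AccountStore()
    store.set_password("alice", "old-password")  # constructed sample account
    token = store.authorise_app("alice", "old-password", "ExampleClient")
    store.reset_password("alice")
    after_reset = (store.login("alice", "old-password"), store.tweet(token, "hi"))
    return after_reset, store.revoke_tokens("alice"), store.tweet(token, "hi")
```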
Q: What did the hackers get?
Twitter says “our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords.” A spokesperson said today that “it’s not 100% certain that they did [hackers getting access to private data]. We reset passwords as a precautionary measure.”
Q: How was it done?
Twitter isn’t saying; its blogpost about the attack says only that it saw “unusual access”. That means that the hackers were probing its database via the Twitter access method, and found a way to crack its usual safeguards.
It may be connected to the outage that Twitter suffered on Thursday, though the company hasn’t said.
Twitter is saying that “This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”