I'm one of the 250,000 Twitter users -- relatively early adopters? -- who apparently had their accounts compromised by hackers who in turn apparently worked for the Chinese government. John Markoff and I had our well.com email accounts compromised by a hacker in the mid-1990s, if I recall properly, and the U.S. Department of Justice once sent me a polite letter saying it conducted court-ordered surveillance against a target who I was in communication with for a Wired story (meaning my communications with him were intercepted). But this would appear to be the first time a foreign government apparently compromised my account. Lovely.

Below is the email that Twitter sent me this evening.

---

Dear Twitter User:

As a precautionary security measure, we have reset your Twitter account password. Check your inbox for a separate email from Twitter with instructions on how to reset your password. If you don't see an email, you can go to this page in our Help Center to request a password reset. More information is below.

We recently detected an attack on our systems in which the attackers may have had access to limited user information - specifically, your username, email address and an encrypted/salted version of your password (not the actual letters and numbers in your password). Further information about the attack can be found in this blog post.

Since your password has been reset, your old password will not work when you try to log into Twitter. We strongly encourage you to take this opportunity to select a strong password - at least 10 (but more is better) characters and a mixture of upper and lowercase letters, numbers, and symbols - that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.

For more information about making your Twitter and other Internet accounts more secure, read our Help Center documentation or the FTC's guide on passwords.

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to reset your password and publicize this attack while we still gather information. We are also helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.

Twitter 
3 comments
 
Datapoint: I manage several Twitter accounts and only the earliest ones (2006-8) were affected, so yeah.
 
I got one as well and was worried it was a phish at first. Can't wait until we have a better authentication protocol. 