Alexandra Burlacu email: a.burlacu@mobilenapps.com
Following the recent hack that compromised up to 250,000 Twitter accounts, the micro-blogging site is now pursuing two-factor authentication to enhance log-on security.
Twitter has 250 million users, meaning the breach affected only 0.10 percent of its entire user base, but any hack attack is still a serious security issue regardless of its proportions. Twitter reset the passwords of all affected users, but said investigation remains ongoing until everything is clear, including determining exactly what data the hackers accessed.
"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," Twitter's director of information security Bob Lord announced in a blog post on Friday, Feb. 1. "We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information - usernames, email addresses, session tokens and encrypted/salted versions of passwords - for approximately 250,000 users."
Twitter has reset the passwords for those 250,000 affected users and revoked those accounts' session tokens as a precautionary measure. According to Lord, users should have received an e-mail instructing them to create a new password.
Lord further cautioned users to pay attention to the warnings the Department of Homeland Security has issued recently regarding the Java browser plug-in. He did not, however, specifically associate the Twitter breach to a Java vulnerability exploit.
In light of the security breach, Twitter officials have apparently decided to implement two-factor authentication. A new job listing on Twitter's Web site reveals the new security measure. The job is for a software engineer - product security.
"Design and develop user-facing security features, such as multifactor authentication and fraudulent login detection," read the requirements in the job advert.
Twitter moved to HTTPS as the default option in March 2012, but two-factor authentication would add an extra layer of security to Twitter's log-in process. Google, for instance, has been offering two-factor authentication for a long time for its Gmail and other Google Apps. Dropbox has also implemented this extra security measure after facing a password breach of its own.
Users who have enabled two-factor authentication, both for Google and Dropbox, must enter both their passwords and a unique code - the second factor - generated either by an app on their smartphone or sent to their handset via SMS. Facebook has such a system in place as well.
Until it adopts such a system, all Twitter can do if it detects a breach is to reset those passwords, as it has done now. Some affected users, however, have reported that their presumably expired passwords still work when they log into Twitter via the Twitter API.
most read
more stories from Internet / Social Media
Google's two-minute blackout has caused a whopping 40 percent drop in global Internet traffic.
ernest hamiltonRumors turned out to be legitimate, as Xbox Music web player is now live.
ernest hamiltonA bug in Facebook's latest beta app for Android collected and stored the phone numbers of anyone who launched the app, regardless of whether they logged in or had an account.
ernest hamiltonMozilla Firefox 22 is bringing advance 3D gaming to the web with Unreal Engine 3.
ernest hamiltonA security bug in Facebook's 'Download Your Information' (DYI) tool exposed email addresses and telephone numbers of roughly 6 million users.
ernest hamiltonTwo of the new features now available on Socl comes in the form of a meme generator and GIF creator. This is a good idea since memes and GIFs are one of the leading activities on the Internet right now.
ernest hamiltonThe Facebook invitation doesn't say anything about the product or the service that is going to be launched on June 20.
ernest hamiltonIn the new version of OS X, dubbed OS X 10.9 Mavericks, if you use the new Safari web browser to open a website that is power hungry, you will not have to close it in order to save your battery life.
ernest hamilton