Twitter Hack Prompts Two-Factor Authentication To Strengthen Security

By Alexandra Burlacu email: a.burlacu@mobilenapps.com | Feb 05, 2013 08:53 AM EST

Share This Story

  • Print
  • Email

Following the recent hack that compromised up to 250,000 Twitter accounts, the micro-blogging site is now pursuing two-factor authentication to enhance log-on security.

Follow us

Twitter has 250 million users, meaning the breach affected only 0.10 percent of its entire user base, but any hack attack is still a serious security issue regardless of its proportions. Twitter reset the passwords of all affected users, but said investigation remains ongoing until everything is clear, including determining exactly what data the hackers accessed.

"This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," Twitter's director of information security Bob Lord announced in a blog post on Friday, Feb. 1. "We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information - usernames, email addresses, session tokens and encrypted/salted versions of passwords - for approximately 250,000 users."

Twitter has reset the passwords for those 250,000 affected users and revoked those accounts' session tokens as a precautionary measure. According to Lord, users should have received an e-mail instructing them to create a new password.

Lord further cautioned users to pay attention to the warnings the Department of Homeland Security has issued recently regarding the Java browser plug-in. He did not, however, specifically associate the Twitter breach to a Java vulnerability exploit.

In light of the security breach, Twitter officials have apparently decided to implement two-factor authentication. A new job listing on Twitter's Web site reveals the new security measure. The job is for a software engineer - product security.

"Design and develop user-facing security features, such as multifactor authentication and fraudulent login detection," read the requirements in the job advert.

Twitter moved to HTTPS as the default option in March 2012, but two-factor authentication would add an extra layer of security to Twitter's log-in process. Google, for instance, has been offering two-factor authentication for a long time for its Gmail and other Google Apps. Dropbox has also implemented this extra security measure after facing a password breach of its own.

Users who have enabled two-factor authentication, both for Google and Dropbox, must enter both their passwords and a unique code - the second factor - generated either by an app on their smartphone or sent to their handset via SMS. Facebook has such a system in place as well.

Until it adopts such a system, all Twitter can do if it detects a breach is to reset those passwords, as it has done now. Some affected users, however, have reported that their presumably expired passwords still work when they log into Twitter via the Twitter API.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2014 Mobile & Apps All rights reserved. Do not reproduce without permission.

Join Our Conversation

Smartphones
OnePlus One pre-order teaser countdown OnePlus One goes on pre-order Monday, Oct. 27, for one hour only – No invites required
Samsung Galaxy Devices based on KNOX approved for U.S. government classified use
Samsung Galaxy Mega 2 hits AT&T on Oct. 24 – Price, specs & options (VIDEO)
Gmail 5.0 for Android leaks online, reportedly aims to handle ALL email
Tablet / Laptop / PC
Dell Venue 7 and Venue 8 Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon Logo Amazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC Logo HTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google Downtime Google blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Flipboard for Windows Phone Flipboard for Windows Phone finally available, but requires 1GB of RAM (VIDEO)
Vine gets major update, lets you upload previously-shot videos & more (VIDEO)
BlackBerry Messenger (BBM) finally hits Windows Phone – Available as a free download now
Instagram releases Bolt ephemeral messaging app in select markets to challenge Snapchat
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps
Real Time Analytics