February 2, 2013
by Pierluigi Paganini
Today Twitter announced that it has detected suspicious patterns related to unauthorized access attempts to Twitter user data; in a nutshell, hackers breached Twitter this week and may have obtained access to authentication credentials and other information for as many as 250,000 user accounts.
Bob Lord, Director of Information Security at Twitter, wrote in a blog post:
“We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.”
Twitter responded to the data breach in the best way: it immediately informed the authorities to aid the investigation and promptly alerted its users to avoid further damage.
Because in many cases users share the same credentials across various platforms, it is necessary to inform them of a data breach as soon as possible so that the victims' other accounts are not also compromised.
The company has also taken a proactive approach, resetting passwords and revoking session tokens for the compromised accounts.
“As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”
Who is behind the attack?
According to Twitter's security experts there is no doubt: we are facing a structured cyber attack conducted by professionals.
Bob Lord announced:
“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”
There is not yet detailed information on the attack, and it is not clear exactly what data has been exposed; however, Twitter's blog post indicates that the attackers have exploited a zero-day vulnerability, probably in Oracle's Java software. Of course, many assumptions are circulating on the internet; the most interesting is the belief that the principal press agencies and social media platforms are the subject of a state-sponsored offensive with cyber espionage purposes.
These platforms manage a huge quantity of information, which is why they represent a privileged target; the latest revelations on the attacks against media agencies such as The New York Times and The Washington Post seem to confirm that Chinese hackers are the prime suspects.
We must be aware that the frequency of similar attacks will increase over time. US Secretary of State Hillary Clinton said on Thursday that there has been an increase in hacking attacks on both state institutions and private companies, so a different security approach is needed to defend cyber assets.
Bob Lord also invited Twitter users to adopt an effective password policy:
“we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet. Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.”
The suggestions provided are very useful, but if a stronger authentication process is required, it is necessary to implement a supplementary authentication factor, such as two-factor authentication.
Another reflection necessary after incidents like this one concerns the use of the OAuth protocol to authenticate users on various platforms using Twitter, or other, credentials. The third-party authentication process is realized by implementing the open standard for authorization, OAuth, which allows users to share private resources stored on one site with another site without having to hand out their credentials, typically supplying tokens instead of a username and password.
Each token grants access to a specific site, for specific resources and for a defined duration, allowing a user to grant a third-party site access to their information stored with another service provider without sharing their access permissions or the full extent of their data.
It is clear that in these OAuth authentication processes it is essential that both parties implement security best practices; otherwise you run the risk of having increased the attack surface, paradoxically making the prevention and detection of attacks more complex when they originate from trusted third parties.
We must be careful about granting third-party applications access to authentication tokens; incorrect management of tokens could create serious problems. Stay tuned as we watch these developments in the Twitter breach unfold and keep an eye out for our updates, as we risk tweeting them to you.
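The token properties described above (access to specific resources, for a defined duration, revocable per account) together with the breach response Twitter describes earlier in the post (reset passwords, revoke session tokens), modelled as an added Python example. This is not Twitter's code; the class, function names and the in-memory store are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed, in-memory model (an assumption, not any real platform's code) of
# scoped, time-limited access tokens plus the breach response from the post:
# revoke every token of the affected accounts and force a password reset.

PBKDF2_ROUNDS = 200_000


def hash_password(password, salt=None):
    """Salted password hash (PBKDF2-SHA256): the 'encrypted/salted' form the post mentions."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password, salt, stored_hash):
    """Constant-time comparison so a leaked hash cannot be matched byte by byte via timing."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_hash)


class TokenStore:
    def __init__(self):
        self.tokens = {}          # token -> {"user", "scopes", "expires"}
        self.must_reset = set()   # users who must create a new password before logging in

    def issue(self, user, scopes, ttl_seconds, now=None):
        """Grant a third party a token limited to given scopes and a defined duration."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"user": user, "scopes": frozenset(scopes), "expires": now + ttl_seconds}
        return token

    def authorize(self, token, scope, now=None):
        """True only if the token exists, is unexpired and was granted exactly this scope."""
        now = time.time() if now is None else now
        rec = self.tokens.get(token)
        return rec is not None and now < rec["expires"] and scope in rec["scopes"]

    def revoke_for_users(self, compromised):
        """Breach response: drop every token of the affected users and force a password reset."""
        compromised = set(compromised)
        doomed = [t for t, rec in self.tokens.items() if rec["user"] in compromised]
        for t in doomed:
            del self.tokens[t]
        self.must_reset |= compromised
        return len(doomed)
```

Note that revocation is per user, not per token: an attacker holding one stolen session token loses it along with every other token of that account, while unaffected users keep theirs.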
(Sources: CDM and Twitter)