Slashdot Mirror

← Back to Stories (view on slashdot.org)

Twitter #Hacked

Posted by timothy on from the coz-it's-a-hashtag-see dept.

theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."

7 of 111 comments (clear)

  1. Re:Discrimination by jones_supa · · Score: 4, Informative

    At least Firefox did the right thing and doesn't run plugins automatically anymore by default, with a recent enough Flash being an exception.

  2. And The Washington Post by guttentag · · Score: 5, Informative
    A New York Times story today adds The Washington Post to the list of American news organizations whose newsroom computers were found to be communicating with computers in China on their own.

    For those keeping score:
    • The New York Times
    • The Washington Post
    • The Wall Street Journal
    • Bloomberg News
  3. Re: Safari and Firefox by tlhIngan · · Score: 4, Informative

    Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

    They'd have to be both - as in a Mac running 10.6 or earlier since Apple removed Java from the OS and blocked old versions. Heck, a couple of days ago Apple blocked ALL versions of Java (they set the minimum version to 0.0.01 above the current one - Oracle just released it that was 0.0.02 above their previous version).

    Apple basically kicked Java to the curb with Flashback - they removed their version of Java from the OS (by blocking it, requiring install of the Oracle one). And the Java plugin for Safari is disabled by default - you can enable it, but I believe it disables itself automatically 30 days later, so you have to re-enable it again.

  4. Re:bad things do happen in threes by VortexCortex · · Score: 4, Informative

    Protip: Right-click video, then "Copy Video URL at Current Time.". Like So: https://www.youtube.com/watch?v=ET1-_PeExMs#t=116s

  5. Re:Corporate Responsibility by rwven · · Score: 4, Informative

    They DID. My account was compromised. I got an email.

  6. Rubbish by Frankie70 · · Score: 4, Informative

    If a security hole in Java running on a Twitter user's browser allowed someone to get to Twitter's internal data (i.e. not just the data of the user whose browser who had Java) - then it's a security hole in Twitter.

    I think Twitter is being dishonest here.

  7. Re:Does it mean... by Tridus · · Score: 4, Informative

    Someone inside Twitter's network had Java enabled, and got attacked. Hackers are now inside Twitter and can start poking around.

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates