Peerreach Blog

04 Feb

Most influential accounts affected by Twitter break-in (updated)

After the NY Times and Wall Street Journal got hacked, it’s now Twitter that announces it has possible been compromised. It’s not the least important accounts that have been affected: @barackobama, @nytimes (yes, them), @reuters, @cnn and @foxnews are just a few that have possibly been compromised and need to reset their passwords.

In the last 24 hours, about 250.000 twitter users have received an email with the urgent request to reset their passwords. Twitter has detected suspicious activity and published this announcement:

“As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers.

This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.

Though only a very small percentage of our users were potentially affected by this attack, we encourage all users to take this opportunity to ensure that they are following good password hygiene, on Twitter and elsewhere on the Internet.”

Here I stop quoting Twitter because a ‘very small percentage of our users’ is extremely misleading. By correlating the reported hacks on Twitter it becomes obvious that only early-adaptors are affected that subscribed to Twitter before 15 June 2007.

Of the 100 most influential accounts in Politics 17% has been affected. Here is the list with their rank in our Politics PeerGroup.

Barack Obama @BarackObama #1
John Dickerson @jdickerson #52
John Boehner @johnboehner #71
Eric Cantor @EricCantor #91
Christopher Hayes @chrislhayes #120
Fred Thompson @fredthompson #127
Erick Erickson @EWErickson #133
Joe Biden @JoeBiden #140
Peter Hamby @PeterHambyCNN #177
Patrick Ruffini @PatrickRuffini #209

Of the Webtech top100 70% has been affected, such as:

TechCrunch @TechCrunch #1
Evan Williams @ev #2
Tim O’Reilly @timoreilly #3
Fred Wilson @fredwilson #4
Om Malik @om #5
Kara Swisher @karaswisher #6
Jack Dorsey @jack #7
Chris Sacca @sacca #8
Biz Stone @biz #9
Kevin Rose @kevinrose #10

Of the 100 most influential accounts among journalists and media 22% has been affected:

The New York Times @nytimes #1
Reuters Top News @Reuters #2
Breaking News @BreakingNews #8
CNN @CNN #11
NPR News @nprnews #15
Newsweek @Newsweek #20
BBC Breaking News @BBCBreaking #22
Nick Bilton @nickbilton #28
BBC News (World) @BBCWorld #30
Guardian news @guardiannews #32

We have 1,370 accounts with 1,000,000 followers or more, and 67 (5%) of them are affected.

How severe is this?

If the hackers have 250,000 encrypted passwords in their possession they have all time of the world to break these passwords. Although the compromised accounts are forced to change their passwords, many are likely to have re-used passwords for other applications such as email, domain names and other critical services. This gives the criminals great possibilities, in combination with Social Engineering, to continue their campaign against other media sources.

Written by Nico