Twitter opens up to the public (and intruders as well)
Only a few days ago, Google and others released their latest transparency reports. Twitter’s showed “a steady increase in government requests (with a slight decline in copyright take-down notices)”. Government requests rose about 20%, while copyright notices fell by only about a hundred or so, to 3378, from the previous report. One statistic of particular interest, though, is content-removal requests, which rose from 6 to 42. This data may suggest that people are now making such requests as it becomes commonplace and widely known that such requests can be made.
Also last week, there was some Twitter information revealed that wasn’t meant to be made transparent, as some 250,000 Twitter accounts were compromised.
Last Friday a Twitter blog post revealed to the public that Twitter had “detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data” and shut down one live attack that it caught in progress. After investigating the situation further, however, the company found that about 250,000 usernames and email addresses had already been compromised. The New York Times and Wall Street Journal have run into similar hacking events as well.
It appears the attacks may have been 0-day exploits, in which an unknown Java exploit led to the compromise of the major corporate networks.
“This attack was not the work of amateurs, and we do not believe it was an isolated incident,” wrote Twitter’s Bob Lord (@boblord), Director of Information Security. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.”
Bob Lord also said that “Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers,” and that Twitter now echoes “the advisory from the U.S. Department of Homeland Security and security experts to encourage users to disable Java on their computers in their browsers.”
But one blogger by the name of Frankie felt that Twitter was “being dishonest here”. Frankie believes that if a Twitter user’s browser allowed someone to get to Twitter’s internal data, then it’s a security hole in Twitter, and Java itself is not the issue.