{"id":1445,"date":"2013-02-07T18:32:06","date_gmt":"2013-02-07T18:32:06","guid":{"rendered":"http:\/\/ncjolt.org\/?p=1445"},"modified":"2020-06-04T20:54:03","modified_gmt":"2020-06-04T20:54:03","slug":"250000-twitter-accounts-hacked-via-vulnerability-in-java-7-update-10-last-week","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/250000-twitter-accounts-hacked-via-vulnerability-in-java-7-update-10-last-week\/","title":{"rendered":"250,000 Twitter Accounts Hacked Via Vulnerability In Java 7 Update 10 Last Week"},"content":{"rendered":"<p>Thursday, February 7, 2013 by Tasneem Dharamsi<br \/>\nEarly Friday evening, Twitter <a href=\"http:\/\/blog.twitter.com\/2013\/02\/keeping-our-users-secure.html\">announced<\/a> on its blog that the company had \u201cdetected unusual access patterns\u201d that indicated that \u201cunauthorized . . . attempts\u201d were made to access as many as 250,000 Twitter accounts.\u00a0 Basically, nearly a quarter of a million Twitter accounts were hacked into.\u00a0 In what the company has called a \u201csophisticated attack,\u201d Twitter has revealed that the anonymous hackers were able to find the usernames, email addresses, session identifiers, and encrypted passwords of these users.\u00a0 Twitter reported that it unearthed one hacking attack while in progress and was able to shut it down, but that in order to protect those 250,000 compromised accounts, it has reset passwords and revoked session identifiers for the accounts. 
\u00a0\u00a0Twitter also stated that it sent out emails to notify those users whose accounts were affected by the attacks.<br \/>\nIn its blog alert, Twitter urged its users to follow the <a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/625617\">advisory<\/a> issued by the United States Department of Homeland Security in which the Department identifies a vulnerability in Java 7 Update 10 that \u201ccan allow a remote, unauthenticated attacker\u201d to access a system.<br \/>\nThe Department of Homeland Security stated that Java 7 on Windows, OS X, and Linux platforms has been successfully attacked.\u00a0 \u00a0In order to mitigate the vulnerability, the Department encourages users to <a href=\"http:\/\/www.java.com\/en\/download\/help\/disable_browser.xml\">disable<\/a> Java in internet browsers as the first line of defense.\u00a0 If \u201cit is absolutely necessary to run Java in web browsers,\u201d the Department recommends installing Java 7 <a href=\"http:\/\/www.oracle.com\/technetwork\/java\/javase\/7u11-relnotes-1896856.html\">Update 11<\/a> or restricting access to Java applets.<br \/>\nThe threat of being attacked by hackers is so severe that even Apple has gotten involved.\u00a0 CNET is <a href=\"http:\/\/reviews.cnet.com\/8301-13727_7-57567291-263\/apple-updates-java-for-snow-leopard-following-blockage\/\">reporting<\/a> that in light of the security breaches, Apple released an update to its users that blacklisted the latest versions of Java.\u00a0 Mac users wanting to restore Java on their computers must download the latest version on their own.\u00a0 \u00a0Additionally, the New York Times has <a href=\"http:\/\/bits.blogs.nytimes.com\/2013\/02\/01\/twitter-hacked-data-for-250000-users-stolen\/\">stated<\/a> that Macs will no longer be shipped with Java enabled by default.<br \/>\nTwitter has been reprimanded in the past for failing to adequately protect the personal information of its users.\u00a0 In 2010, the Federal Trade Commission filed charges against 
the company alleging that there were \u201cserious lapses in the company\u2019s data security\u201d that served as vulnerable points for hackers.\u00a0 In a <a href=\"http:\/\/www.ftc.gov\/opa\/2010\/06\/twitter.shtm\">settlement<\/a> with the FTC, Twitter agreed to undergo an independent security assessment every other year for the next 10 years.<br \/>\nHowever, this most recent attack may not be due entirely to Twitter\u2019s lax security measures.\u00a0 Twitter stated that it believes that other websites and companies have been and will continue to be targeted by these hackers.\u00a0 Indeed, over the last week, both The New York Times and The Wall Street Journal reported that their newspapers had been the target of Chinese hackers.\u00a0 A reporter for The New York Times <a href=\"http:\/\/www.nytimes.com\/2013\/01\/31\/technology\/chinese-hackers-infiltrate-new-york-times-computers.html?_r=0\">stated<\/a> that over the last four months, Chinese hackers had discovered the passwords used by every New York Times employee and even accessed the personal computers of more than 50 of these employees.\u00a0 The Wall Street Journal <a href=\"http:\/\/professional.wsj.com\/article\/SB10001424127887323926104578276202952260718.html\">reported<\/a> that it, along with other media sources like Dow Jones &amp; Co., has been subjected to attacks originating in China.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thursday, February 7, 2013 by Tasneem Dharamsi Early Friday evening, Twitter announced on its blog that the company had \u201cdetected unusual access patterns\u201d that indicated that \u201cunauthorized . . . 
attempts\u201d were made to access as many as 250,000 Twitter accounts.\u00a0 Basically, nearly a quarter of a million Twitter accounts were hacked into.\u00a0 In what <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/250000-twitter-accounts-hacked-via-vulnerability-in-java-7-update-10-last-week\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/1445"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=1445"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/1445\/revisions"}],"predecessor-version":[{"id":7630,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/1445\/revisions\/7630"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=1445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=1445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=1445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}