IE 11 is not supported. For an optimal experience visit our site on another browser.

Twitter confirms theft of 250,000 user names, emails in hack


Twitter announced in a blog post Friday that a recent, "extremely sophisticated" hack may have exposed around 250,000 users' email addresses and other information.

"This attack was not the work of amateurs, and we do not believe it was an isolated incident," wrote Bob Lord, Twitter's director of information security. He did not indicate whether the breach was connected to Thursday's downtime.

Data stolen included user names, emails, session tokens (used to maintain a logged-in state), and passwords, although the latter were "salted" and encrypted, meaning they are likely unable to be read by the hackers. Consequently, little damage appears possible other than publishing the attachment of accounts to certain email addresses.

Affected users have had their passwords reset and their Twitter sessions terminated, and should receive an email soon informing them of the fact. Twitter also advocated disabling Java in browsers as an additional security step, following the recent discovery of a separate security flaw in the web app platform.

This is the third high-profile hack to have surfaced in the last week: Both the New York Times and the Wall Street Journal reported that their systems had been infiltrated by Chinese hackers.

Whether the three attacks are related is not known, as the extent of the hacks has not been fully documented. Twitter indicated that it is gathering information and helping government and law enforcement agencies in order to track down the culprits.

Devin Coldewey is a contributing writer for NBC News Digital. His personal website is