When Twitter revealed Friday that 250,000 of its user accounts may have been compromised by hackers, it downplayed the damage by adding that “only a very small percentage” of users were affected. But that very small percentage may represent a very big chunk of Twitter’s activity and influence.
The quarter million Twitterers hit by the hacker compromise were nearly all among the first batch of users of Twitter’s service, registered in June of 2007 or earlier, according to an analysis by the social media analytics firm PeerReach and others by independent Twitter users. PeerReach found that among 80 users it asked or who volunteered the information on Twitter, all but four who were alerted that their account was compromised had registered in that early window, and every user that hadn’t received the email had registered later. Another count of 54 users by Melissa Elliott, a researcher with security firm Veracode working in her spare time, found that all but one user hit by the attack had registered before the same cutoff date, and I got similar results when I queried another dozen Twitter users.
If the 250,000 hacking victims were in fact the first to register on Twitter, that also makes them some of the site’s most high-profile and active users. Using June 15th, 2007 as the estimated cutoff date for the targets of the Twitter hack, PeerReach found that the hacking victims likely included President Barack Obama, Vice President Joe Biden, Speaker of the House John Boehner, and Congressman Eric Cantor, among other politicians. (None of them responded to tweets I sent to their accounts asking about the security breach.)
“Twitter is saying that only a tenth of a percent of their total population has been compromised. But this tenth of a percent is among the most significant,” says PeerReach analyst Nico Schoonderwoerd. “This could be coincidence, or it could be they specifically targeted a certain server because they specifically wanted to access those accounts.”
PeerReach also checked its list of what it considers the top one hundred most influential media Twitterers and found that 22% were likely included in the compromised accounts, including the main accounts for the New York Times, CNN, NPR, Reuters, the BBC, and the Guardian.
More important, perhaps, are the reporters among those accounts, who may have had their private communications with sources violated. They include the New York Times’ Nick Bilton, MSNBC’s Chris Hayes, and CBS’s John Dickerson. Given that Twitter alluded in its blog post to a string of recent attacks allegedly carried out by Chinese hackers, it’s worth noting that many well-known Chinese and China-focused bloggers were among the early set of Twitter users, too, including Michael Anti, Isaac Mao, and Bill Bishop.
Twitter hasn’t offered many details about its breach, other than warning affected users that their usernames, email addresses, and hashed passwords were all potentially stolen by hackers, along with the session tokens that allow users to access the service without logging in on every visit. The company has forced all affected users to change their passwords and reset their session tokens. Compromised users should be sure to also change the password of any accounts on other services where they used the same login credentials. The company hasn’t revealed when it was first hacked, and didn’t immediately respond to my request for more information Monday.
In its blog post about the compromise last week, Twitter asked users to be wary of phishing websites and disable Java in their browsers. Those measures would prevent so-called “client-side attacks” that take place on users’ machines when they visit a malicious website. But the fact that only Twitter’s first batch of users were affected means that it’s far more likely the data was stolen from Twitter’s servers, where it was organized by date.
“It seems much more likely that something happened on Twitter’s backend than on any client,” says Veracode’s Melissa Elliott. “They’re being very coy about it.”
See PeerReach’s full analysis here.