Twitter hacked, 250,000 passwords compromised

Twitter has informed users that its service had been hacked and that 250,000 usernames, email addresses, session tokens, and encrypted/salted passwords had been compromised. According to Twitter's director of information security, Bob Lord, who posted on

As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.

To date, I haven't received a notification for any of my accounts, but I've changed them all anyway. I'm paranoid, but I'd recommend you do the same, and use a password management app so you can set something strong and not have to worry about remembering it yourself.

If you were notified by Twitter about your password, let me know.


Got the mail. Looks like only Twitter accounts from the early days were affected. Accounts created in 2006/2007. Like mine.

Ah, that makes sense why I got the message, and no one else I know did. I remember working at eBay, June of 2007 is when I signed up.

Is it silly that even though I'm in the top .62% of people who signed up, that I'm endlessly frustrated that I'm in the 6 millions? =\

But anyway, yes. Old timers were affected. That's a-me :)

Also, am I the only one who was frustrated by the stock Twitter email that was sent out, implying that we got spoofed:

In general, be sure to:

Always check that your browser's address bar is on a website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!

Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.

Review your approved connections on your Applications page at If you see any applications that you don't recognize, click the Revoke Access button.

The headline says passwords compromised, the article says the passwords were encrypted and salted and that affected accounts had their passwords reset. Wasn't it on this site that I read, not long ago, a rant about click baiting headlines with ledes that are less sensational? :/

There are probably way more than 250,000 accounts with "twitter," "mytwitter," "twitter000," "twitter001," etc. as their passwords. That's where the real "hacking" will happen.