Status.twitter.com tells us that DNS records were overwritten temporarily tonight by attackers to redirect HTTP traffic to another host that was originally destined for twitter.com.
With the information that I know now (12:40am, 12/18):
The host which contained the landing page was hosted with bluehost. This tells us a few things
- They didn’t have the infrastructure to do packet captures, or credential theft. Bluehost does shared hosting.
- Any attempt to do so would have thrown TONS of SSL errors, and very likely DDoS’ed the server hosting the landing page. (Twitter had HUNDREDS of servers, these guys had 1.). All of your twitter apps would have thrown errors, or flat out stopped working.
- Twitters security infrastructure was left untouched, and was not a target of the attack.
I’ve been watching twitter scroll with sensationalism and panic, people yelling “OH GOD TWITTER GOT HACKED EVERYONE CHANGE YOUR PASSWORDS NOW”.
Please – don’t do that.
Its going to make everyones job harder who have to work on this situation, it incites panic and causes people to prematurely flip out and do things they probably shouldn’t do.
I’ve had to deal with this in the past – people throwing their arms in the air and screaming about passwords being compromised when they in fact weren’t. It did not end well.
Please – think before you hit send.