Millions of Twitter Passwords For Sale -- Follow These Easy Steps To Save Your Account
In this Wednesday Nov. 6, 2013, file photo, the Twitter logo appears on an updated phone post on the floor of the New York Stock Exchange. (AP Photo/Richard Drew, File)
If it’s not already painfully obvious, people’s passwords are being sold in the murky corners of the web en masse. This week, as many as 32 million Twitter passwords were reportedly on sale for 10 Bitcoin ($5,775), as Leaked Source, a search engine for stolen data, claimed it had been passed a humongous dataset by an anonymous party.
Twitter doesn’t believe it was hacked. Leaked Source thinks usernames and passwords were pilfered via malware infections, though it couldn’t specify how any Twitter credential-theft virus might have spread. But the data, as far as Leaked Source is aware, is real.
There’s been a spate of Twitter account hacks too, from Facebook CEO Mark Zuckerberg to musician Bon Iver. One of our own writers had their account hacked today as well, though they swiftly recovered it.
It’s become equally clear, on the back of recent mega-breaches of Myspace, Tumblr and many more, that it’s not difficult to prevent accounts from being hijacked with some rudimentary digital hygiene. Here are two simple steps to keep your tweets safe from those who would use your account for disseminating salacious or dangerous material, be it porn or spam links.
Get a password manager. Right. Now.
Not a month goes past without me recommending a password manager to someone. It’s simple: download an app – LastPass, 1Password, KeePass all come recommended – and use their random password generators to create a secure login for you. All you’ll need to unlock those passwords is your own unique, hopefully-unguessable password. That means across all your web services, you’ll have a secure password that’s incredibly difficult to crack, even if the service provider gets hacked.
Why are they harder to crack? Most firms use a process called hashing, which turns the plain text password into gobbledegook – a hash – using an algorithm. Cracking sees hackers use tools to guess the plain text that matches the hash. Where someone has used a very simple password – e.g. 123456 – it’ll take only a few seconds to find the plain text that matches the hash, and it’s game over for that naive user. For incredibly long and complex passwords, this process takes far too long for the hacker to ever be successful.
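The difference described above can be checked from the defender's side with a short audit script. This is an added example, not part of the original article; the unsalted SHA-256 scheme, the five-entry guess list and the guessing rate of 10 billion per second are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# Constructed sample of weak passwords; a real guessing list is far longer.
COMMON_GUESSES = ["password", "qwerty", "123456", "letmein", "twitter"]

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def hash_password(plain: str) -> str:
    """Assumed scheme for illustration: unsalted SHA-256, hex encoded."""
    return hashlib.sha256(plain.encode("utf-8")).hexdigest()


def generate_password(length: int = 20) -> str:
    """Random password drawn from the OS CSPRNG, as a manager's generator would."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def guesses_until_match(target_hash: str, guesses=COMMON_GUESSES):
    """Return how many guesses were hashed before one matched, or None."""
    for count, guess in enumerate(guesses, start=1):
        if secrets.compare_digest(hash_password(guess), target_hash):
            return count
    return None


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    weak, strong = "123456", generate_password()
    print("weak found after", guesses_until_match(hash_password(weak)), "guesses")
    print("random found:", guesses_until_match(hash_password(strong)))
    print(f"{entropy_bits(20):.0f} bits, ~{years_to_exhaust(entropy_bits(20)):.1e} years")
```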
To use password managers across mobiles as well as the desktop, you’ll likely have to pay an additional fee, but it’s typically small. For instance, LastPass charges an additional $12 a year for the premium model. 1Password is pay only, but is widely used and well reviewed. KeePass is free and open source.
Use two-factor authentication. Do it. Now.
What the flip is “two-factor authentication”? It’s a long way of saying: use another unique password on top of your normal one every time you log in. You can have this sent to you either in an app or via text message. Even if the hacker has your normal password, as long as they haven’t targeted your phone too (unlikely for most), they won’t have your unique, one-time code required to get into the account.
On Twitter, it’s simple to set up. Go to your settings page, then hit the ‘Security and privacy’ tab. Simply hit the top option, ‘Verify login requests’. Twitter will then ask for your phone number so it can text you the unique code.
Apple, Google, Facebook and Microsoft all offer similar features across their consumer services. If you use any and are concerned about hackers breaking into your account, they’re similarly simple to set up.
Using a lame password and not protecting your accounts doesn’t just put you in danger, it leaves others at risk too. If your account starts spreading spam links, your less digitally-literate friends are likely to trust them and click through. And what will they think when all those NSFW images start spewing out of your Twitter?
Source: Forbes Tech