To help keep your account secure, we recommend the following best practices:
- Use a strong password that you don’t reuse on other websites.
- Use two-factor authentication.
- Require email and phone number to request a reset password link or code.
- Be cautious of suspicious links and always make sure you’re on twitter.com before you enter your login information.
- Never give your username and password out to third parties, especially those promising to get you followers, make you money, or verify you.
- Make sure your computer software, including your browser, is up-to-date with the most recent upgrades and anti-virus software.
- Check to see if your account has been compromised.
Create a strong and unique password for your Twitter account. You should also create an equally strong and unique password for the email address associated with your Twitter account.
- Do create a password at least 10 characters long. Longer is better.
- Do use a mix of uppercase, lowercase, numbers, and symbols.
- Do use a different password for each website you visit.
- Do keep your password in a safe place. Consider using password management software to store all of your login information securely.
- Do not use personal information in your password such as phone numbers, birthdays, etc.
- Do not use common dictionary words such as “password”, “iloveyou”, etc.
- Do not use sequences such as “abcd1234”, or keyboard sequences like “qwerty.”
- Do not reuse passwords across websites. Your Twitter account password should be unique to Twitter.
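The do's and don'ts above can be checked mechanically. The following is an added example, not code from Twitter or from the original page: the word list is a tiny constructed sample (only “password”, “iloveyou”, “abcd1234” and “qwerty” come from the page), and the four-character run length and the `personal_info` parameter are assumptions.

```python
import string

MIN_LENGTH = 10          # "at least 10 characters long" (from the page)
RUN_LENGTH = 4           # assumption: 4+ consecutive characters count as a sequence
# Constructed sample list; a real check would use a large breached-password corpus.
COMMON_WORDS = {"password", "iloveyou", "letmein", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def _alnum(text):
    """Lower-case and drop separators so '1990-04-12' matches '19900412'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def _has_sequence(lower_pw, run=RUN_LENGTH):
    """True for runs such as 'abcd', '4321' or 'qwer' anywhere in the password."""
    for i in range(len(lower_pw) - run + 1):
        chunk = lower_pw[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True                      # ascending or descending run
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True                      # keyboard-row run, either direction
    return False


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    lower = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")

    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    for word in sorted(COMMON_WORDS):
        if word in lower:
            problems.append(f"contains common word '{word}'")

    if _has_sequence(lower):
        problems.append("contains an alphabet, digit or keyboard sequence")

    stripped_pw = _alnum(password)
    for item in personal_info:               # phone numbers, birthdays, etc.
        needle = _alnum(item)
        if len(needle) >= 4 and needle in stripped_pw:
            problems.append("contains personal information")
            break

    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ["abcd1234", "Password2024!", "rT7#mVq!zL2&kPw9"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

A check like this cannot detect reuse across websites; that rule is what a password manager enforces.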
Additionally, you can select Password reset protection in your Account settings. If you check this box, you will be prompted to enter either your email address or phone number (or your email address and then your phone number, if both are associated with your account) before a reset password link or confirmation code is sent if you ever forget your password.
If your account has been compromised but you’re still able to log in, this page will help you secure your account and stop unwanted behaviors. If you can’t log in to your account, please see this article for help with a potentially hacked account.
Has my account been compromised?
- Noticed unexpected Tweets by your account
- Seen unintended Direct Messages sent from your account
- Observed other account behaviors you didn’t make or approve (like following, unfollowing, or blocking)
- Received a notification from us stating that your account may be compromised
- Received a notification from us stating that your account information has changed, and you didn’t change it
- Noticed your password is no longer working and you are being prompted to reset it
If you’ve answered yes to any of the above, please take the following steps:
1. Change your password
Please change your password immediately from the Password tab in settings. If you are logged out, go to Login and click on Forgot Password to reset your password. Please select a strong password you haven’t used before. If you can’t log in, your account may have been hacked.
If you frequently receive password reset messages that you did not request, you can require that your email address and/or phone number must be entered in order to initiate a password reset. Find instructions and information about resetting your password.
2. Make sure your email address is secure
Make sure that the email address attached to your account is secure and that you are the only one with access to it. You can change your email address from your Twitter app (iOS or Android) or by logging in on twitter.com and visiting the Account settings tab. Visit this article for instructions for updating your email address, and see this article for additional email account security tips.
3. Revoke connections to third-party applications
4. Update your password in your trusted third-party applications
If a trusted external application uses your Twitter password, be sure to update your password in that application. Otherwise, you may be temporarily locked out of your account due to failed login attempts.
Your account should now be secure, and you shouldn’t see the unexpected account behaviors moving forward. If you’re still experiencing issues, please file a support request for assistance.
Protect your account with simple precautions
If your account has been compromised, take these additional precautions:
- Delete any unwanted Tweets that were posted while your account was compromised.
- Scan your computers for viruses and malware, especially if unauthorized account behaviors continue to be posted after you’ve changed the password.
- Install security patches for your operating system and applications.
- Always use a strong, new password you don’t use elsewhere and would be difficult to guess.
- Consider using two-factor authentication. Instead of relying on just a password, login verification introduces a second check to make sure that you and only you can access your Twitter account.
- Visit our account security tips page for more information on avoiding hacks and phishing.
How do accounts become compromised? (Did somebody hack me?)
Accounts may become compromised if you’ve entrusted your username and password to a malicious third-party application or website, if your Twitter account is vulnerable due to a weak password, if viruses or malware on your computer are collecting passwords, or if you’re on a compromised network.
Unexpected updates don’t always mean that your account was hacked. Occasionally, a third-party application can have a bug that causes unexpected behavior. If you see strange behavior, changing your password and/or revoking connections will stop it, as the application will no longer have access to your account.
It’s best to take action as soon as possible if updates are appearing in your account that you did not post or approve. You can find more information in our account security tips page.
Managing and Protecting your Account
Managing your account
Everything you need to know about your profile and account settings.
How to reset a lost or forgotten password
It’s easy to recover a lost password and regain access to your account, provided that your Twitter profile contains a current email address and/or phone number. Take a moment and make sure the information you’ve associated with your account is up to date.
How to change your username
If you don’t like the name you chose for your Twitter account, you can change it without affecting your existing followers, Direct Messages, or replies. Your followers will simply see a new username next to your profile photo when you update.
How to manage multiple accounts
If you have more than one Twitter account, it’s simple to access them from your Twitter for iOS or Android app, or add new ones.
How to control your Twitter experience.
Twitter provides tools to help you control what you see and what others can see about you, so you can enjoy the best parts of the Twitter experience and express yourself with confidence.
If you think you have been hacked and you are unable to log in with your username and password, please take the following two steps:
1. Request a password reset
Reset your password by requesting an email from the password reset form. Try entering both your username and your email address, and be sure to check whether the email has arrived at the address associated with your Twitter account.
If you are able to log in after the password reset, please check whether your account has been compromised and re-secure your account.
2. Contact Support if you still need help
If you still can’t log in, contact us by submitting a support request. Be sure to check the email address you associated with the hacked Twitter account; we will then send additional information and instructions to that email address. When submitting your support request, please include your username and the date you last accessed your account.
Want to protect your Twitter account? Here are some simple tips you can follow to protect your Twitter account from being hacked.
The use of the internet has become inevitable in today’s time. It has made our lives easy in so many ways that people no longer mind storing their personal details on an online platform. However, this habit may cause serious trouble: on Wednesday, Twitter witnessed a major breach in which several high-profile Twitter accounts were hacked.
Some of the people whose accounts were hacked were Barack Obama, Bill Gates, Elon Musk, Kanye West etc. Now, if you are a Twitter user then you need to know how you can protect your privacy and avoid fraud. Here are some basic tips on how you can keep your Twitter account safe, secure and protected.
Twitter users can follow these tips to secure their Twitter account from hackers.
Enable Twitter two-factor authentication
Two-factor authentication is also known as two-step verification or 2FA. It is an extra layer of security for your Twitter account. Once you enable this two-factor authentication, you will need your password to log in to your account, along with a secondary login method.
So, even if hackers discover your password, they won’t be able to access your account without your trusted device (like your phone) and the verification code that confirms it’s you.
Hence, you can use this additional step to make your Twitter account more secure.
Use uncrackable passwords
Most people use their birthdays, phone numbers, anniversary dates, social security numbers, or a pet’s or child’s name as their password. These are all weak choices: this information can easily be found on your social media accounts and can give a hint to a hacker, so try to avoid it.
Instead, try to create a password between 8-20 characters long using symbols, numbers, uppercase and lowercase letters like #[email protected]$%^.
All these features will help you to make your Twitter password strong and complex, difficult to hack.
Watch out for Phishing
Hackers will mostly try to access your private information using tweets, emails and direct messages on Twitter. This practice is known as phishing.
They may send you a fake message claiming your Twitter account’s been hacked and instruct you to change your password immediately. They may also send you a link saying you have won a contest & all you need to do to claim your prize is log in to your Twitter account.
Don’t fall for these tricks! These are all signs that someone is trying to hack your account.
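The advice to make sure you are on twitter.com before entering login information can be turned into a concrete check on a link. The following is an added example, not code from Twitter or from the original articles: the function name, the verdict strings and the edit-distance threshold of 2 are assumptions, and every sample URL other than twitter.com itself is constructed on reserved example domains.

```python
from urllib.parse import urlsplit


def _edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the site name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url, expected="twitter.com"):
    """Return 'ok' only when the link really points at `expected` over HTTPS."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "reject: unparseable URL"

    if parts.scheme != "https":
        return "reject: not https"
    if parts.username is not None:
        # https://twitter.com@other.example/ shows the real name before the '@'
        return "reject: userinfo before the host"

    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "reject: internationalised host name"

    if host == expected or host.endswith("." + expected):
        return "ok"                       # the site itself or one of its subdomains

    if expected in host:
        # twitter.com.something.example: the real name is only a prefix
        return "reject: expected name embedded in another domain"

    brand = expected.split(".")[0]
    if any(_edit_distance(label, brand) <= 2 for label in labels):
        return "reject: lookalike name"
    return "reject: different site"


if __name__ == "__main__":
    samples = [
        "https://twitter.com/login",
        "https://mobile.twitter.com/",
        "http://twitter.com/login",
        "https://twitter.com@login.example.net/",           # constructed
        "https://twitter.com.account-check.example/login",  # constructed
        "https://twltter.example/login",                    # constructed
        "https://xn--constructed-label.example/login",      # constructed
    ]
    for sample in samples:
        print(f"{classify_login_url(sample):55} {sample}")
```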
Use trusted third-party applications
If you use any third-party applications, be careful, because doing so gives the apps limited access to your Twitter account. If you experience anything sketchy, immediately remove the app from your account and change your Twitter password.
If you still see unexpected account behaviours after that, you can file a support request for assistance.
Don’t allow all notifications
Whenever you receive a notification asking you to allow access to certain things, like your images or contact details, most of the time you end up allowing it without reading it carefully.
This practice can be very risky for you! So, every time you get a notification, read it first and only then allow it.
Block and report
Twitter’s ‘Block’ feature helps you to restrict specific accounts from contacting you, seeing your tweets and even seeing your followers list. The blocked account cannot follow you, retweet your tweet, or tag you in a photo.
Now, if you feel that a user is stalking you, you can simply block the Twitter account. You can even use the advanced block feature on Twitter.
However, if you come across some kind of abuse, you can directly report it without any hassles. You can report an account that you have blocked or that has blocked you.
Twitter has just revealed that users should urgently change their passwords to avoid being hacked. The company investigated potential breaches but concluded that there was “no indication of breach or misuse by anyone”.
While Twitter’s investigation did not find indicators of abuse, it recommended that all Twitter users change account passwords and implement additional security protections if not activated already on the account.
This guide walks you through the steps of changing the Twitter account password. It furthermore points to additional security protections that you may want to enable on the account to improve security significantly.
How do I change my Twitter password?
While logged into your account:
- Go to Settings and privacy, then Password. Here, you’ll be able to change your password or recover your current one.
- Enter your current password, then a new one.
- Then press Save changes.
How do I create a secure password?
Many people create passwords that others can easily guess or that hackers can easily decipher to gain access to your account.
If you usually go with ‘password’, ‘qwerty’ or ‘123…’, now is the time to stop.
Strong passwords are usually long and consist of upper and lower case letters, symbols and numbers.
Use SMS Two-Factor Authentication
Your last line of security is two-step authentication, which is also often called Two-Factor Authentication (or 2FA for short). Twitter actually simplifies this even more by just calling the feature “Login verification”.
This two-factor authentication process can send a code to your mobile phone number whenever a new device attempts signing into your account with the correct password. Of course, it doesn’t help a whole lot if someone has your phone, but at that point, you will have a lot more to worry about than just Twitter.
- Click ‘Settings and privacy’.
- Choose ‘Account’ and then
- Read the overview instructions, then click ‘Start’.
- Enter your password and click ‘Verify’.
- Click ‘Send code’ to add your phone number if that’s the verification method you want.
- Enter the verification code sent to your phone, hit ‘Submit’, and login verification will then be enabled.
The good thing about 2FA is that even if hackers steal your password, when they try to log in to your account using another device they will fail, because only the owner will receive the 2FA message on his or her phone.
So even if your password is stolen, with 2FA your account won’t be hacked.
Last year, Twitter accounts of well-known celebrities and large corporations were hacked. You could be the next victim! Here’s how to find out if your account is hacked and how to get your account back.
Twitter was in the news last year when accounts of celebrities got hacked, and their accounts were taken over. Scammers targeted nearly 130 Twitter accounts of well-known personalities, including Jeff Bezos, Bill Gates, Elon Musk, Barack Obama, and corporate accounts of Apple, Uber, and many others. You could be next! How do you know if your Twitter account is hacked? What should you do if your account gets hacked? And how do you secure your Twitter account? Read along to know the tell-tale signs of a hacked Twitter account and ways to recover it.
By Rudra Srinivas, Feature Writer, CISO MAG
How to check if your Twitter account has been hacked
These are signs that your account has been compromised:
- A change in your name, profile picture, or email address
- New friends or friend requests from strangers with dubious handles
- Unauthorized or inappropriate tweets you did not post
- Following or unfollowing Twitter accounts
- Your password is no longer working, and you are being prompted to reset it
How to recover a hacked Twitter account?
You must act immediately as soon as you become aware that your Twitter account is compromised. It leads to a breach of critical information if a threat actor has access to your personal information for a long time.
Step 1: Reset Your Password
If your account is compromised but you’re still able to log in, change your account password immediately.
To change your password, click on the More option on the homepage >> select Settings and Privacy >> finally click on Change Your Password.
Step 2: Account Recovery
If you are unable to access your account, you’ll have to recover it.
For the Twitter account recovery system, click on Forgot Password on the login page >> enter your email, phone number, or username and click Search >> select the account recovery method >> provide the required details and follow the instructions >> after verifying your account click Reset Password to complete the account recovery process.
Step 3: Report the Hack
If you’re still unable to regain access to your compromised account, you should report directly to Twitter Support and select Hacked Account option. The support page displays options to recover your compromised account.
How to avoid getting hacked again?
- Use strong passwords that are a mix of upper and lower case and numbers (e.g. LearnttoRIDEabikeat5)
- Enable Twitter’s two-step authentication (use an Authentication app)
- Cross-check the URL for spelling discrepancies before logging in
- Avoid public Wi-Fi
- Beware of third-party apps’ permissions
- Avoid social logins
Social media accounts have growing importance because people share their personal experiences on virtual communities. With attackers leveraging innovative tactics to exploit loopholes on social media platforms, it is imperative for users to step-up their social media network security. Your social media handles will be secure only when you follow proper security measures.
The Twitter hack is an example of the fact that a human is the weakest link in cybersecurity. According to a Black Hat survey, “A single human mistake, can result in an attacker taking over all of the organization’s infrastructure, no matter what hardware, software, or endpoint security implementation has been done from the defensive team.”
Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
Here’s Why Twitter Got Hacked and How to leverage Zero Trust Security to Prevent Such Security Breaches in the Future
In one of the most brazen cyberattacks in recent history, some of the most influential Twitter accounts were compromised in mid-July. Twitter handles that got hacked included powerful names like Elon Musk, Bill Gates, Kanye West, Joe Biden, and even the former United States President Barack Obama.
On the eve of July 15, a multitude of high-profile Twitter accounts started to send out a tweet that shared a link accompanying a message which claimed that anyone who sends any amount of bitcoin to the link will receive their cryptocurrency back doubled. Had the tweet come from any average Joe’s handle, it would’ve been dismissed immediately as an outright scam. However, direct involvement of the world’s most influential political and technology elites lent credibility to the message making many people fall for the scam.
Twitter Hack – As It Happened
According to the details disclosed by the affected platform, Twitter employees became victims of social engineering as they were tricked into revealing privileged information to hackers. Twitter Support referred to this attempt as “coordinated social engineering attack” as hackers were successful in targeting some of Twitter employees who had access to internal tools and systems.
The leaked information was used by the attackers to gain access to Twitter’s internal database and it also enabled them to circumvent the social platform’s two-factor authentication (2FA). Once the hackers were in the system, resetting passwords of verified accounts was not that big of a challenge. Attackers targeted 130 accounts but they were able to execute password reset for 45 accounts. The hackers were also able to harvest sensitive personal data of influential people including phone numbers, email addresses, and private messages.
The first handles that got compromised were Apple and Uber accounts followed by those of Bill Gates and Elon Musk. In a matter of a few hours, the attackers had successfully taken over the Twitter accounts of Jeff Bezos, Barack Obama, Mike Bloomberg, and Joe Biden.
It is interesting to note that political and technology figureheads were not the only ones who were impacted. Sportsmen like Floyd Mayweather and pop culture icon Kim Kardashian also became the victims of the attack. This forced Twitter’s hand to lock most of the verified handles across the United States and the world.
Weak Links that Enabled the Attack
Modern hacking revolves around exploiting weaknesses in the system instead of brute-forcing your way through them. Despite a major shift in focus towards both enterprise and consumer cybersecurity and privacy, our identities remain weak due to the following reasons.
- Passwords – A combination of characters that someone knows. It is a weak spot because passwords rely on human intelligence and constant vigilance. Any lack in either of those aspects can lead to exposure of sensitive information.
- Phishing – Although many people can identify phishing attacks, ones that are more sophisticated are quite challenging to decipher, especially when they are used in combination with social engineering. Attackers gain your confidence and pick on your vulnerability to trick you into sharing information they are not privy to.
- Centralised Databases – They are single-point failure systems as once a hacker is in, they gain access to pretty much anything they want. And before you find out about the attack and identify its nature and scope, the damage has already been done. Not unlike what happened in Twitter’s hacking fiasco.
Consequences of the Attack
- Hackers were able to take over influential accounts which could have been far more disastrous for the financial and political parts of the world. Fortunately, the attackers’ scam was quickly stopped by the coordinated effort of Twitter and the major cryptocurrency exchanges.
- High-profile identities were stolen which again could have been used to enact conspiracies with far-reaching political and financial consequences.
- The hack did not only cause financial and reputational damage to the social media platform; for its victims it also meant losing untraceable money (cryptocurrency).
How to Prevent Such Attacks
In order to reduce the chances of major security breaches in the future, companies need to adopt a system that relies on zero trust, zero knowledge, and zero personally identifiable information (PII) based security architecture. All of these features will enable the next-generation security technology designed to ensure that the end user is always authentic. The key features would include:
- Password-less authentication which means social engineering or phishing attempts cannot be successful
- Even if there is a phishing or account takeover attempt, there is built-in prevention within the architecture that keeps sensitive data and information safe and secure.
- There is no centralized database where all the credentials are stored, as authentication information is biometric-based and generated on the edge device.
- Privileged insider threat prevention which ensures human error or negligence does not get in the way of your cybersecurity initiatives.
- Using this modern security architecture allows you to deploy multi-party authorisation which substantially reduces the odds of a lone attacker or rogue insider compromising the entire system.
In a matter of hours, the people behind the Twitter attack were not only able to compromise multiple high-profile accounts but sent out tweets that allowed them to defraud thousands of people successfully. Many would point fingers towards Twitter employees and the lax nature of security initiatives by the social platform itself, but the underlying causes were the weak links present within currently prevalent security architecture and procedures, which are used by all companies worldwide.
Humans will always be susceptible to making mistakes, going rogue, or being emotionally manipulated. The end goal should be to put a superior security architecture on top of them that strengthens inherent security by eliminating our reliance on the weak links that can be exploited. Zero trust, zero knowledge, and zero personally identifiable information (PII) based security architecture is the way to go if we are to prevent large-scale security breaches in the future.
The recent Bitcoin hack happened from within, but now is a great time to make sure your account is locked up.
By Stan Horaczek | Published Oct 22, 2020 5:18 PM
This story has been updated.
It’s the latest of reminders. Last week a Dutch security researcher claimed that he hacked President Donald Trump’s Twitter account by using the password “maga2020!” Reports state that the US leader didn’t have two-factor authentication set up on the platform. This comes on the heels of a larger Twitter hack in July, when a number of high-profile and verified users all shared a curious message at roughly the same time. They included big names such as Elon Musk and Bill Gates. The suspicious tweets promised to double any amount of Bitcoin sent to a specific wallet ID listed in the tweet itself. On its face, it screams of a scam, but these are verified accounts for certifiably rich people—some users took a chance. Quickly, the wallet had racked up more than $120,000 in bitcoin transactions, none of which will ever be doubled or even returned.
It was a massive security breach from Twitter. The company scrambled to delete the offending tweets and investigate. For a while, all verified Twitter users couldn’t send tweets at all in an effort to prevent the fraudulent message from propagating even further and duping more folks out of crypto currency.
Early reports claim the issue began when hackers got access to an internal tool meant for Twitter employees. Twitter’s official statement claims “social engineering” played a large part in the heist, though details are still sparse from the official investigation.
Even if you didn’t lose any Bitcoins to the scam, it’s a worrying event. After all, this was a large-scale attack on one of the biggest media platforms in the world at the moment. If they can poke around inside Elon Musk’s account, why not yours?
This hack is also slightly different than those in the past. It’s not hard to imagine a famous person—or their social media handler—clicking on a phishing link or reusing a password, but that wasn’t the case this time. “It’s important to note that none of the people who owned the accounts affected this time around actually did anything wrong,” says Georgia Weidman, author and founder of the digital security firms Bulb and Shevirah. Still, this event is a good time to reevaluate your own Twitter security to try to make sure you’re not part of the next hack. Here are some tips to help tweet more securely.
Set up two-factor authentication
When someone is inside your account, they can send tweets, but they can also access your information. If they simply log in because they have your passwords, they can operate as if they’re you. As with most apps, two-factor authentication can help prevent this from happening since it puts an extra step between a hacker and your information.
The most familiar way to enable 2FA involves giving the app your phone number so it can text you a code when you log in from a new device. While this is a big jump up from no authentication, it is possible for hackers to impersonate or compromise your phone provider and get a hold of that code. According to Weidman, however, that’s pretty unlikely unless you’re a high-value target. “You’re going to be more likely to run afoul of hackers looking for sheer numbers,” she explains. “It’s unlikely they’re going to target you specifically since you’re not as valuable as someone like Elon Musk. It’s too much work.”
If you want maximum protection from 2FA, you can use a physical device such as Google Authenticator. There’s an increasing number of authenticator apps on the market, and choosing one adds another layer of decision making to the process.
Be mindful of what you send via DM
Twitter’s direct messages have never claimed to be the most secure method of communication on the web. Like Facebook Messenger, the messages aren’t end-to-end encrypted, which means anyone who intercepts them could feasibly get at their contents. But, in this case, encryption wouldn’t have helped. Since the attackers had access to the accounts, they almost certainly had access to direct messages, which would be the case with most services.
You can delete your sensitive direct messages, but that won’t delete the message from the receiver’s account. When you delete a Twitter DM, you get a dialog explaining that you’re only deleting the message for yourself and it will still show up in the other person’s account unless they also delete it. So, if they’re compromised, then so are you.
Use a password manager
By now, you may be sick of hearing about how you should be using a password manager. “Passwords should be strong, complex, and unique,” says Weidman. “It can be really difficult to keep track of 50 passwords like that, which is why you want a manager.” Check out our guide to password managers if you want to get started.
Keep your apps and operating systems updated
Security updates happen all the time when it comes to apps and even your operating system. It’s easy to neglect them because they can be time-consuming to apply. They are, however, crucial for staying ahead of hacks. “This goes beyond the apps themselves and to the platforms they’re running on,” says Weidman. “Keep your phone and computer updated.”
Delete old accounts
Remember that political parody account you set up during the 2012 election? It probably doesn’t have much in the way of security, which could make it an easy get for a hacker. If you have old accounts sitting around that you never plan to use, delete them instead of letting them sit around forever. If you don’t want to lose that content even though you’re not actively posting to it, make sure that its security settings are up to date.
Watch for weird behavior
Clicking links from accounts you don’t recognize is bad news. Clicking links from friends who are acting slightly odd is also bad news. If someone you know asks you to click on something, verify that it’s a real link—you can even text them to make sure it’s legit.
If you suspect an account is malicious or trying to trick you, report it instead of interacting with it. You don’t want to make yourself more of a target by showing your willingness to engage.
Check out the Twitter security dashboard
In recent years, Twitter has padded out its own security and privacy dashboards. Taking an occasional cruise through your settings can’t hurt. For instance, do you know what your tweet location settings are right now? If you don’t, you can dig into them here and make sure you’re not giving up more location data than you’re comfortable with.
is the senior gear editor at Popular Science and Popular Photography. His past bylines include Rolling Stone, Engadget, Men’s Journal, GQ, and just about any other publication that has ever written about gadgets. For a short time, he even wrote the gadget page for Every Day With Rachel Ray magazine. He collects vintage cameras, eats pizza, and hopes you won’t go looking at his Tweets even though the link is down there.
There’s no time like a high-profile Twitter hack to make sure you’re doing this right.
Lock down your Twitter account — and all your accounts — with two factor authentication and a unique password.
Twitter is being walloped by what appears to be a hack affecting several high-profile accounts owned by tech companies and luminaries that tweeted out scam messages promising to double bitcoin payments. As Twitter tries to sort out what’s going on, users with verified accounts are finding that the company is apparently limiting their ability to tweet or change password settings.
It’s unclear at this time whether individual users’ accounts have been hacked or whether something has gone terribly wrong inside Twitter’s systems. (Twitter began removing tweets of screenshots showing internal tools that were possibly used in the attack.) Wherever the vulnerability occurred, it’s a good reminder to use security best practices in all your accounts.
Major hacks of celebrity accounts have happened in the past. Remember the “Fappening,” aka “Celebgate,” in which hackers used stolen passwords to breach cloud accounts belonging to celebrities and steal their nude photos, which were later shared online? Many of those accounts were breached when a hacker sent fraudulent messages to celebrities asking them to enter their passwords.
But you don’t have to be a celebrity to get caught up in a wave of hacks. Regular people saw their Ring cameras hacked in late 2018 when attackers went on a harassment spree. The hackers used a method called credential stuffing, trying out username and password combinations stolen in previous data breaches.
Whether you’re a regular Twitter user or verified, a celebrity or not, here’s what you can do to keep your accounts secured.
You might think the place to start is with a strong password, and we’ll get to that. But a strong password is worthless if it gets stolen. That’s why the first thing you should do to secure your Twitter account is to enable two-factor authentication. It requires an extra step in the login process, and a hacker who just has your password is unlikely to be able to get through that extra step.
The strongest form of two-factor authentication is a hardware key, sold by Yubico, Google and others. After you enter your password on a new device or browser, Twitter will prompt you to plug your security key into a USB port and then tap it. Then, you’ll be logged in.
You can also use an authenticator app or a one-time code sent via SMS message. These methods are more vulnerable to hacking attempts than the hardware token, which a hacker would have to physically steal from you. But they can be more manageable, and they’re free. Many security experts agree that these flawed two-factor authentication methods are better than nothing at all.
Strong unique passwords
Yes, you should use a strong, unique password for your Twitter account and for every account. This is difficult to do when you have dozens of accounts, because you aren’t a robot who can memorize several strings of random characters. So consider using a password manager.
Password managers come with some hassles, but they let you avoid the mistake of reusing passwords. That’s the mistake, remember, that let hackers look and shout into the homes of Ring users. It’s worth it, and if you find it challenging to get started, ask a tech savvy friend to walk you through it.
Don’t get phished
So you’re using a strong, unique password on Twitter? Great! You still need to look out for people who want to steal it. Attackers often send messages that look like they’re coming from the service itself, whether it’s Google, Twitter, Facebook or Microsoft. A common approach is to say that there’s been suspicious behavior on your account, and that you need to re-enter your password to make things right.
Don’t enter your password. Tech companies, banks and other online services go out of their way to never ask for your password in an email, text or phone call. The method often works because it alarms users to hear there’s been suspicious activity, and they may not be thinking clearly as a result. Don’t let this be you.
Still, if you fall prey to this attack, or even if you reuse a weak password, you might still be okay. That is, if you followed through on step No. 1: enable two-factor authentication.
This year alone, India has witnessed 8.6 crore cases of data breach—third highest after the US and Iran, writes Virag Gupta. (Representational photo: Shutterstock)
The 542-page report of the JPC on Personal Data Protection Bill, 2019, which was tabled in Rajya Sabha, demands greater accountability from social media platforms.
- Last Updated: December 21, 2021, 11:22 IST
A visible enemy at the border can be taken down by our vigilant security forces but in the era of new tech, the enemy has not only become invisible, it has even made super powers kneel down before it. Military hardware worth billions of dollars can become worthless in front of a teen hacker. Verified social media accounts of heads of state can be breached just like that.
Recently, the 542-page report of the Joint Parliamentary Committee on Personal Data Protection Bill, 2019, was tabled in Rajya Sabha, demanding greater accountability from social media platforms. The report, among other things, recommends declaring all social media platforms as “publishers” and having a permanent grievance redressal system in India. This year alone, India has witnessed 8.6 crore cases of data breach—third highest after the US and Iran.
Prime Minister Narendra Modi’s personal Twitter account @narendramodi was hacked for a short period on December 12. The account has more than 73 million (7.3 crore) followers. Prime Minister’s Office (PMO) swung into action and secured the account. Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY) launched an investigation. According to Twitter, PM’s account was not compromised due to any breach in the social platform’s system. As per Twitter’s statement, they have 24X7 open lines of communication with the PM’s office and they took immediate steps to secure the compromised account. However, it is too early to say if there was no fault on the part of Twitter.
Last year in July, Twitter accounts of Jeff Bezos, Bill Gates, Joe Biden, Elon Musk and Barack Obama, among others, were hacked. A total of 130 accounts were targeted in that attack. Tweets were sent from 45 accounts asking followers to send Bitcoins to a specific address to get double the returns. After that incident, then Twitter CEO Jack Dorsey said that it was a tough day for Twitter. Twitter stated, “A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.”
After last year’s incident, Bloomberg reported that around 1,500 employees and partners of Twitter had access to the admin tools that gave them the ability to reset accounts as had been done to hack more than a hundred accounts in July.
Coming back to the recent hacking of the Prime Minister’s account, the Parliamentary Standing Committee on Information Technology questioned MeitY officials about the incident, but they could not give details other than what was available in the public domain.
If this hack was a result of an internal lapse, the officials concerned and MeitY ought to follow a two-factor authentication protocol. If this additional security feature is enabled, the unauthorised users would need a password along with a secondary authentication.
Last year too, in September, Prime Minister Modi’s Twitter handle was hacked, asking his followers to donate to Prime Minister’s relief fund for COVID-19 through cryptocurrency.
Besides cyber security, the repeated incidents of hacking of the Prime Minister’s account throw light on three aspects vis-à-vis tech regulations in India.
First, the frequency at which social media accounts of top ministers, bureaucrats and politicians are being breached. India has an estimated 53 crore WhatsApp users, 44.8 crore YouTube users, 41 crore Facebook subscribers, 21 crore Instagram clients, and 1.75 crore Twitter account holders. In the last 11 months, India witnessed an estimated 8.6 crore cases of data breach. Last month, WhatsApp account of CEO of Odisha Computer Application Centre (OCAC), a state-run IT agency, was hacked. Cybercriminals demanded money by sending distress messages to his WhatsApp contact list.
Second, what do you do once your account is hacked? For all such offences, compulsory police FIR needs to be registered. As per the IT Act & Rules, it is mandatory for the intermediary companies to have Designated Officers in India for grievance redressal.
The IT Rules, 2021 require “significant social media intermediaries” to follow additional due diligence, including the appointment of a chief compliance officer, nodal contact person and resident grievance officer. All three officials will have to reside in India. As per news reports, Facebook’s new company Meta is searching for a grievance officer and a compliance officer in India.
Thousands of hacking incidents and cyber crimes go undetected in India as police and enforcement agencies are not able to take effective action due to lack of cooperation from these social media companies. As per the new IT Rules, it is mandatory for these tech giants to provide details of their company’s Grievance Officer, Compliance Officer and Nodal Officers based in India and issue a public notice on the same as and when asked by the government.
In the digital world, it is not possible to completely eradicate cybercrimes. But social media users deserve an effective grievance redressal mechanism. Besides, it will also take some load off the police and intelligence agencies’ backs.
Third, in August 2013, Delhi High Court passed various orders in the K.N. Govindacharya vs Union of India matter. Accordingly in 2015, Department of Electronics and Information Technology (now MeitY) issued ‘Framework & Guidelines for Use of Social Media for Government Organisations’. As per the affidavit submitted by the government before the High Court, officers must ensure compliance with the provisions of The Public Records Act, 1993. For official purposes, government and other statutory/regulatory agencies working with it ought to use the NIC network since the usage of Gmail, Hotmail or Yahoo is not allowed. In the wake of hacking incidents, it is imperative that government ensures that social media accounts of government servants and public authorities are not maintained through Gmail or other private email ids. Besides posing a big security risk, it also violates law and government guidelines.
Finally, the question that we must all ask is this—who ensures the safety of the general public in this digital era when the heads of state can fall prey to cybercrimes?
Virag Gupta is a columnist and advocate. He can be followed @viraggupta. The views expressed in this article are those of the author and do not represent the stand of this publication.
If you find that your email has been hacked, one of your immediate reactions is wondering what you should do next.
The answer: take a deep breath and jump into action. There are five steps that can help you prevent or minimize any damage done by a compromised account.
So why do hackers go after email accounts? Fact is, that email account of yours is a treasure trove. There’s a good chance it contains years of correspondence with friends and family, along with yet more email from banks, online retailers, doctors, contractors, business contacts, and more. In all, your email packs a high volume of personal info in one place, which makes your email account a top prize for hackers.
Let’s take a look at how you can take back control of your email account, along with some things you can do to keep it from getting hacked in the first place.
You can’t log into your email account:
This one speaks for itself. You go to check your email and find that your username and password combination has been rejected. You try again, knowing you’re using the right password, and still no luck. There’s a chance that a hacker has gotten a hold of your password, logged in, and then changed the password—thus locking you out and giving them control of your account.
One of your contacts asks, “Did this email really come from you?”
Hackers often compromise email accounts to spread malware on a large scale. By blasting emails to everyone on your hacked contact list, they can reach dozens, even hundreds, of others with a bogus email that may include an attachment that’s infected with malware. And no doubt about it, some of those emails can look a little odd. They don’t sound or read at all like the person they’re trying to impersonate—you—to the extent that some of your contacts may ask if this email really came from you.
On the flip side, this is a good reason to never open attachments you weren’t expecting. Likewise, if you get a somewhat strange email from a friend or business contact, let them know. You may be the first indication they get that their email has been compromised.
Slow and erratic device performance:
A sluggish device could be a sign of malware in general. The thing with malware is that it tends to act like a system and resource hog, which may cause your device to run slowly, to turn off and on again suddenly, or even run hot. In some cases, the malware is logging keystrokes on your computer or taps on your phone to siphon off things like usernames and passwords so that a hacker can take control of the accounts associated with them—such as your email, not to mention your bank accounts. This makes a strong case for antivirus and antimalware protection that’s automatically kept up to date to protect against the latest threats.
What should I do if my email is hacked?
1) Change your passwords:
Change your password for your email account if you can. Make it a strong, unique password—don’t reuse a password from another account. Next, update the passwords for other accounts if you use the same or similar passwords for them. (Hackers count on people using simpler and less unique passwords across their accounts—and on people reusing passwords in general.) A password manager that’s included with comprehensive online protection software can do that work for you.
2) Use your email provider’s recovery service, if needed:
In the case where you’ve been locked out of your account because you think the hacker has changed the password, your email provider should have a webpage dedicated to recovering your account in the event of a lost or stolen password. (For example, Google provides this page for users of Gmail and their other services.) This is a good reason to keep your security questions and alternate contact information current with your provider, as this is the primary way to regain control of your account.
3) Reach out to your email contacts:
As mentioned above, a big part of the hacker’s strategy is to get their hooks into your address book and spread malware to others. As quickly as you can, send a message to all your email contacts and let them know that your email has been compromised. And if you’ve done so, let them know that you’ve reset your password so that your account is secure again. Likewise alert them that they shouldn’t open any emails or attachments from you that were sent during the time your account was compromised.
4) Scan your device for malware and viruses:
Also as mentioned above, there are several ways that a hacker can get a hold of your email account information—one of them by using malware. Give your device a thorough virus scan with comprehensive online protection software to ensure your device is free from malware. Set up a regular scan to run automatically if you haven’t already. That will help keep things clean in the long run.
5) Check your other accounts:
Sometimes one bad hack leads to another. If someone has access to your email and all the messages in it, they may have what they need to conduct further attacks. Take a look at your other accounts across banking, finances, social media, and other services you use and keep an eye out for any unusual activity.
The bigger picture: Keep tabs on your identity
More broadly speaking, your email account is one of the several pieces that make up the big picture of your online identity. Other important pieces include your online banking accounts, online shopping accounts, and so on. No question about it, these are things you want to keep tabs on.
With that, check your credit report for any signs of strange activity. Your credit report is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
Beyond keeping tabs on your identity, you can protect it as well. Online identity protection such as ours can provide around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance in the event your identity gets compromised. Additionally, it can put an identity recovery pro on the case if you need assistance in the wake of an attack or breach. Taking a step like this can help keep your email account safer from attack in the first place—along with many others as well.
Losing access to your account can be stressful, but there are steps you can take to get it back – and to avoid getting hacked again
Many people who use social media are fans of the blue network, and by blue we mean light blue with a bird and character limit of 280 characters. Tomorrow, Twitter celebrates its 14th birthday and undeniably it has had an impact on our digital lives since its launch. Some people use it as a way to keep up with their favorite celebrities, others to have a quick overview of world affairs, while most usually use it to share opinions with their friends and the world in general.
But what if your Twitter account gets compromised or hacked?
How did I get hacked?
Everyone is a target – from celebrities to regular people. Even Jack Dorsey, Twitter’s CEO, has had his account compromised although in his case, the bad actors gained access using a SIM swapping attack. Criminals sometimes also have access to databases of previously compromised accounts on other services; these include emails, usernames, and passwords.
The now-defunct LeakedSource was one such repository from which hackers were able to obtain the information by running a username through it. If they can get back an email and previously used password, they try their luck with your Twitter. The accounts of Keith Richards of the Rolling Stones and Justin Bieber’s producer Dan Kanter were hacked this way.
Alternatively, this method could be used for credential stuffing: the hackers would use bots to hammer the site with login attempts until they stumble upon the right combination. People often recycle their passwords, which makes the job of the ne’er-do-wells simpler.
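Seen from the defender's side of the login form, credential stuffing has a recognizable shape: one source fails against many different usernames in a short time, unlike a single user retyping a forgotten password. The sketch below is an added example, not from the article; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log in a hypothetical format (documentation IP ranges).
SAMPLE_LOG = """\
2020-07-15T14:00:01Z login_failed user=alice ip=203.0.113.7
2020-07-15T14:00:02Z login_failed user=bob ip=203.0.113.7
2020-07-15T14:00:03Z login_ok user=frank ip=203.0.113.7
2020-07-15T14:00:04Z login_failed user=dave ip=203.0.113.7
2020-07-15T14:00:05Z login_failed user=erin ip=203.0.113.7
2020-07-15T14:01:10Z login_failed user=grace ip=198.51.100.23
2020-07-15T14:01:20Z login_failed user=grace ip=198.51.100.23
2020-07-15T14:01:30Z login_failed user=grace ip=198.51.100.23
2020-07-15T14:01:45Z login_ok user=grace ip=198.51.100.23
2020-07-15T09:00:00Z login_failed user=heidi ip=192.0.2.50
2020-07-15T11:00:00Z login_failed user=ivan ip=192.0.2.50
2020-07-15T13:00:00Z login_failed user=judy ip=192.0.2.50
2020-07-15T15:00:00Z login_failed user=mallory ip=192.0.2.50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login_failed|login_ok) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse(log_text):
    """Return (timestamp, event, user, ip) tuples in time order; skip bad lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["event"], m["user"], m["ip"]))
    return sorted(events)


def detect_stuffing(events, window=timedelta(minutes=5), min_users=4):
    """Flag IPs that fail logins for >= min_users distinct accounts within
    `window`, and list accounts that logged in successfully from those IPs."""
    recent_fails = defaultdict(deque)  # ip -> (ts, user) failures inside the window
    flagged = set()
    for ts, event, user, ip in events:
        if event != "login_failed":
            continue
        q = recent_fails[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            flagged.add(ip)

    # Second pass: a success from a flagged IP may precede the moment the IP
    # crossed the threshold, so look at the whole log again.
    exposed = {ip: set() for ip in flagged}
    for _, event, user, ip in events:
        if event == "login_ok" and ip in flagged:
            exposed[ip].add(user)
    return {ip: sorted(users) for ip, users in exposed.items()}


if __name__ == "__main__":
    for ip, users in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{ip}: likely credential stuffing; force reset for {users}")
```

Accounts listed for a flagged address are the ones whose recycled password probably worked, so they are the candidates for a forced reset and a 2FA prompt.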
You also could have fallen victim to a phishing campaign. It’s nothing to feel ashamed about; it happens sometimes, and phishing scams have gotten more complex. The scammers may have sent you an email with a link that redirects you to a website that looks exactly the same as Twitter, asking you to log in. By trying to log into this counterfeit Twitter, you essentially handed them the keys to your Twitter kingdom.
What are the signs that I was hacked?
The most obvious sign that you were hacked is that you’re locked out of your account. And by locked out, we mean you have been logged out of every device you’ve been using Twitter on and you can’t log in, no matter what you do or how hard you try.
Your first course of action is to try to change your password, by requesting an email from the password reset form; if you can get in, great: you can then perform a security audit. If you can’t get in, then you have to contact Twitter’s official support and hope they’ll help you recover your hacked account.
Besides getting hacked and locked out, your account can get compromised. There are a variety of telltale signs that may raise alarm bells. You may notice Direct Messages (DMs) you haven’t sent or tweets you didn’t write; your account may have followed or unfollowed accounts unbeknownst to you or even have blocked people. Twitter may alert you that your account has been compromised or that changes have been made to your account information, but you didn’t have a hand in that … those are all alarming signs.
There’s a number of things Twitter recommends that you should do immediately. Start with changing your password, then make sure your email account is secure; you should also revoke access to third-party applications that you don’t recognize and update your Twitter password in your trusted third-party applications. You can also take a peek at Twitter’s own security tips.
How not to get hacked again
Once you’ve gone through a compromised or hacked account scare, you probably want to lower the chances of that ever happening in the future. The simplest thing to start with for a more secure account is by creating a new stronger password, or if we might suggest, a strong passphrase. Just make sure that you haven’t recycled that passphrase for another account, since that makes it easier to compromise.
If you’re not a fan of holding all the passwords in your head, then a password manager could be a solution to your problems. You should also double down on your security and start using two-factor authentication (2FA), since adding an extra layer of security makes it harder for bad actors to invade your account.
Twitter supports a variety of 2FA options, such as authentication using text messages, hardware tokens or even software tokens. Actually, you shouldn’t use 2FA to secure only your Twitter account, but apply it as well to every non-Twitter account that allows the option. You can read up on the ins and outs of 2FA in our article.
On the eve of Twitter’s anniversary, we hope you didn’t get hacked, and that the suggestions we’ve made will help you take preventive measures to secure your account rather than reactive ones.
Twitter is facing its biggest hack in recent memory. What went wrong?
Twitter’s history of password security could reveal how hackers compromised the popular social network so overwhelmingly on July 15, 2020 — a date of great significance to the company. Is Twitter secure? And are other websites and online services any better? The answer may lie in the way some of the biggest companies on the planet store our passwords.
What happened? On Wednesday afternoon, Kanye West, Jeff Bezos, Apple, the official Bitcoin account, and dozens of other influential celebrities, influencers, and companies all posted the same message on Twitter, asking followers to send Bitcoin to a unique virtual wallet with the promise that “all Bitcoin will be sent back to you doubled.”
It’s unclear how all of these accounts were hacked simultaneously, but some have wondered if the culprit could be a coordinated attack against Twitter’s central password servers, as opposed to many individual phishing attempts. But while it’s true that Twitter (and most websites) store user passwords in a single place, that doesn’t mean those passwords can be hacked.
How does Twitter protect passwords?
Twitter’s website offers basic information about how users should protect their own passwords, including that the company will never “contact you asking for your password” and that you should “select third-party applications with care.” But assuming you keep your password a secret, what does Twitter do with that information?
In 2018, Twitter was forced to admit that it had corrected a bug which caused it to store all user passwords in plain, readable text on its server. The company fixed the mistake, confirming that all stored passwords were hashed using bcrypt. (Hashing is the process of scrambling text with an algorithm that can’t be undone, meaning that even if the hashed passwords are stolen, the hacker would still need to try every possible combination of the characters until they found the correct one.)
At the time, Twitter said that it found no breach or misuse of the plaintext password server. As a result, the company opted not to force users to change their passwords, instead asking them to “make an informed decision about their account.”
Twitter isn’t the only company to face this issue. In 2019, Facebook revealed that it had stored hundreds of millions of user passwords in plain text for multiple years. However, it also claimed that this data was never breached or misused.
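To make the hashing description above concrete, here is an added example (not code from the article or from Twitter) of storing and checking passwords as salted, deliberately slow hashes. It uses PBKDF2 from Python's standard library as a stand-in for bcrypt, which is not in the standard library; the record format, function names, iteration count and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Work factor: each guess costs this many hash rounds. Kept low here so the
# demo runs quickly; real deployments tune it upward.
ITERATIONS = 100_000


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record; the password itself is never kept."""
    salt = os.urandom(16) if salt is None else salt  # unique per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds
    )
    return hmac.compare_digest(candidate, expected)


def audit_store(store, common_passwords):
    """Defensive audit: which accounts use a password from a common list?
    Hashing slows guessing but cannot protect a password everyone tries first."""
    return sorted(
        user
        for user, record in store.items()
        if any(verify_password(p, record) for p in common_passwords)
    )


def build_demo_store():
    """Constructed sample accounts; two of them share the same weak password."""
    return {
        "alice": hash_password("iloveyou"),
        "bob": hash_password("iloveyou"),
        "carol": hash_password("T7#vq-Lantern-Maple-42"),
    }


if __name__ == "__main__":
    store = build_demo_store()
    # Same password, different salts: the stored records do not match, so a
    # stolen table does not reveal which users share a password.
    print(store["alice"] != store["bob"])
    print(audit_store(store, ["password", "iloveyou", "qwerty"]))
```

The audit shows both halves of the article's point: the stored records cannot be read back into passwords, yet anyone holding them can still test guesses one at a time, which is why common passwords fall first.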
So, is Twitter secure?
Twitter currently hashes its passwords, meaning that even if those passwords were stolen it would be a huge undertaking to unscramble them to pull off a coordinated attack of this scale. So it seems equally likely (if not more so) that Wednesday’s hack was the result of a long and carefully orchestrated phishing attempt, similar to comparable Twitter hacks in the past.
That said, some experts have argued that the act of simply storing passwords in a central location attracts potential hackers. In 2019, Rolf Lindemann, senior director for products and technology at authentication solutions company Nok Nok Labs, told TechNewsWorld that he believes attacks on central password servers are more common than you may think.
“When passwords are stored on central servers, those servers become a nice attack target,” he said, adding, “Billions of passwords have been stolen from servers already.” (Inverse reached out to Nok Nok Labs for comment on the Twitter hack and will update this article if we hear back.)
Ultimately, the great Twitter hack of 2020 could mean several things for Twitter’s security (and internet security in general). Maybe Twitter’s plaintext password bug of 2018 had bigger implications than the company realized. Maybe this is just the biggest phishing attack in the history of the internet. Or maybe password hashing isn’t as secure as the industry thought.
Not sure where to start with Twitter? Head to www.twitter.com/search. You don’t even need an account to use Twitter Search, unless you want to follow people or post tweets. Type in a keyword, phrase or hashtag (see below for a list of education-related hashtags). You can scan through the search results that appear for interesting conversations and links. Looking for interesting people to follow? Choose the “Accounts” link from the top bar in the search results page, and you’ll be presented with a list of other Twitter users you can follow.
2. Choose a Recognizable Username
You want people to be able to find you, so use your real name and try to get a username that is also your real name or close to it. If you have a common name, you may need to use a handle that is close to your name, your blog, or your profession.
3. Post a Photo and Bio
Twitter is social, so it’s a good idea to let people know who you are and what you’re all about. When you create your Twitter account, post a photo (ideally of yourself, or the logo for your department if it’s a College-affiliated account), and write a short bio. Include a link to your web site as well. If you don’t have a web site and you’re using a personal Twitter account, consider posting a link to your LinkedIn profile. When someone visits your Twitter profile, they will have an idea of who you are and what you do, and may decide to follow you if what they find is interesting.
4. Learn from Others
One of the best ways to learn how to use Twitter is to watch what others do, and emulate the things that are done well. Here is a list of 100 professors you can follow and learn from on Twitter.
5. Be Consistent and Conversational
The people who get the most from Twitter are the people who interact on Twitter. Post new tweets regularly (a few times a day is a good place to start), and don’t just promote yourself — share interesting content and links, retweet others, and have conversations. Stuck for something to say? Ask a question — questions are always great conversation starters and the Twitter community is always happy to chime in and help continue the conversation. Can’t remember to tweet? Use a dashboard tool such as HootSuite to schedule your posts.
6. Follow to Be Followed
Twitter can be kind of a lonely place when you first start out. The best way to gain new followers is to follow interesting people. When you follow someone, it’s like a handshake — the user you follow will receive a notification that you’ve followed them. You can follow that handshake up with a friendly “hello”, and the person you follow may be inclined to follow you back. Don’t be shy to introduce yourself to others on Twitter — it’s how some of the best connections are made.
7. Protecting Your Tweets
You have the option to keep your Twitter feed private. This can be useful if you only want your students to be able to see your Twitter updates. When you choose to protect your tweets, people have to request to be able to follow you. This way you can keep track of who is following your Twitter feed. However, if you are interested in connecting with the Twitter community at large, with colleagues and other users you find interesting, keep your tweets public so that anyone can have the opportunity to interact with you.
To protect your tweets:
- Select “Settings” from the drop down menu that appears when you hover over your avatar on the top right of your screen.
- Select “Security and Privacy” from the left sidebar.
- Check the “Protect my Tweets” checkbox.
- Select “Save Changes”.
8. Oh No! I’ve Been Hacked!
It happens to the best of us — occasionally, Twitter accounts fall prey to hackers. Here are some signs that your account may be compromised:
- You see unexpected tweets by your account that weren’t made by you
- You see unintended direct messages (DMs) sent from your account that weren’t created by you
- You notice account behaviours you didn’t make or approve (like following, unfollowing or blocking), or you receive a request to authorize a third party app that you didn’t sign up for to use your Twitter credentials.
- You receive an email notification from Twitter stating that “You recently changed the email address associated with your Twitter account” even though you haven’t changed your email address.
What to do if your account has been compromised:
- Change your password immediately from the Password tab in your Twitter account settings. Select a strong password that you haven’t used before. You can get a strong password using this Strong Password Generator.
- Revoke connections to third-party applications. Visit the Apps link in your Twitter Settings and revoke access to any third-party applications you do not recognize.
- Update your password in your trusted third-party applications. If an external application uses your Twitter password, be sure to update the password in that application, otherwise you may be temporarily locked out of your account due to failed login attempts.
- If, after changing your password and revoking access to untrusted third party apps, you’re still having difficulty, contact Twitter Support for further assistance.
- If your account sent a lot of tweets or Direct Messages when it was compromised, post a tweet to your followers letting them know that your account is now secure.
- You may want to consider unfollowing accounts that exhibit suspicious activity or have sent you spam.
Protect Your Account with These Simple Precautions
The accounts could have been hacked due to a malicious link being clicked by the handlers of the account or the password being compromised.
The Twitter accounts of the Indian Medical Association (IMA), Mann Deshi Mahila Bank (a micro finance bank) and the Indian Council of World Affairs (ICWA) were hacked on 2 January. The incident comes weeks after Prime Minister Narendra Modi’s Twitter account was hacked.
According to India Today, the hackers renamed the handles as “Elon Musk”. Several tweets promoting cryptocurrency were posted on the accounts, which even re-shared several of Musk’s tweets. While the ICWA’s Twitter account was recovered, the malicious tweets were still visible on the IMA and Mann Deshi Mahila Bank’s Twitter handles.
As per an India Today report, the accounts could have been hacked due to a malicious link being clicked by the handlers of the account or the password being compromised.
The IT security group of the Ministry of Electronics and Information Technology, CERT-In, is looking into the hacking of the accounts.
The ICWA, which has the Vice-President as ex-officio president, is an “Institute of National Importance”.
The incident comes after PM Modi’s account “was very briefly compromised” on 12 December last year. The account posted a tweet claiming that India had adopted bitcoin as legal tender and also claimed that the country had bought 500 BTC and was going to distribute it among residents.
The Prime Minister’s Office later said that after the matter was escalated to Twitter, the account was secured. The incident also prompted several Opposition leaders to express their concerns, adding that Modi’s account being compromised reflects gaps in the country’s cyber security. Following the hacking, politicians also questioned if the Aadhaar data of citizens was safe.
A Twitter spokesperson told ANI that the social media giant’s probe revealed that there were no signs of other impacted accounts at that time.
In July 2021, the All India Majlis-e-Ittehadul-Muslimeen’s (AIMIM) official Twitter account was also hacked. The name of the handle was altered to Elon Musk and the profile picture was changed to an image of the Tesla CEO.
Updated Date: January 03, 2022 15:16:17 IST
Has your Twitter account ever been hacked?
Mine has, and it sucks!
I don’t want it to happen to you — so I put together 5 essential steps for how to keep your Twitter account secure.
Almost everyone gets hacked at one time or another. It’s a fact of life on Twitter!
For example, people are always trying to access my account. I get tons of fake emails — all asking me to reset my password or give it out.
There’s nothing worse than working your butt off to build a following on Twitter then getting locked out of your account because it got hacked!
So here are 5 essential steps for keeping your Twitter account secure.
CAUTION: Keep Your Twitter Account Secure With These 5 Essential Steps
1. Create Strong Passwords
Here are some password tips from Twitter:
- Create a password that’s at least 10 characters long
- Use a mix of numerals, symbols & upper case & lower case letters
- Use a different password for each website & email
- Keep your password in a secure place
- Use a password management tool to keep passwords secure
I use 1Password for storage & to generate new passwords.
2. Use Login Verification
Don’t just rely on your password!
Twitter provides 2-step verification to make sure only you access your account.
When you log in, Twitter can send a notice like this to your mobile phone:
You must enter the correct verification code to access your Twitter account. Use your Security settings on Twitter to activate the verification requests.
3. Watch Out for Phishing
Scammers will try to access your private information using tweets, emails & direct messages on Twitter — a practice known as “phishing”.
They may tell you your Twitter account’s been hacked & instruct you to change your password immediately.
They might claim that you’ve won a contest & all you need to do to claim your prize is log in to your Twitter account.
Don’t fall for these tricks! Don’t EVER give out your Twitter password.
I once received an email from someone claiming he worked for Twitter & needed to verify my account. He asked for my password. I didn’t fall for the ruse!
And this tweet came in a few days ago. I’m sure they would have asked for my password at some point.
4. Be Wary of 3rd-Party Apps & Websites
Do you plan to use your Twitter account to register for 3rd-party websites or apps?
Doing so gives the apps limited access to your Twitter account.
So beware, and if you experience anything sketchy, immediately remove the app from your account.
5. Protect Your Phone
One of the best ways to keep all your social media accounts secure is simply locking your smartphone with a password.
Hackers can get past government security systems, gain access to corporations’ internal programs, and leak tightly held corporate financial information. It makes attacks on phones and social media accounts seem like a hobby.
In recent years, celebrities’ social media accounts and personal photos have also been a regular target of hackers. You would think that with all of their security personnel, celebrities would be better protected.
But when it comes to creating unhackable passwords, especially for their social media accounts, they are just like us: bad at it!
Here are a few times celebrities were hacked and what you can do to stop the same from happening to you.
Britney is a hacker favorite. She was the object of many hackers’ work several times over the last decade. One of the most memorable attacks was when Spears claimed to worship the devil.
The hacker tweeted, “I hope that the new world order will arrive as soon as possible! I give myself to Lucifer every day for it to arrive as quickly as possible. Glory to Satan!”
Britney usually tweets about music and her performance schedule. So the Lucifer messages were very off-brand for the pop star, making it obvious that she was hacked.
Sometimes, hackers are trying to influence people’s decisions. In the case of the band Sonic Youth, the hackers may have just been trying to get the band back together.
Sonic Youth hadn’t played a live show in five years when they told their followers via Twitter about an upcoming concert in Central Park. Fans were disappointed to find out that their Twitter account had been hacked and that there was no show.
A hacker gained access to previously unreleased music from Radiohead. In this instance, the hacker was after personal gain. He threatened to release all of the songs unless the band paid him $150,000.
Instead of paying the ransom, Radiohead countered by releasing the music themselves. It was allowed to be streamed online for free for 18 days. Fans could also purchase the music on Bandcamp with all of the proceeds going to a climate protest organization.
Defend Against Hackers
Everyone (not just celebrities) who uses a smartphone, social media, the cloud, or the internet should have security measures in place to protect their data. Here are a few simple ways you can stay safe.
Strengthen Your Passwords
It’s a basic tip, but important nonetheless. Make your passwords difficult, if not impossible, for someone to guess by making them longer and more complicated. Passwords that are related to your name, birthdate, your kids’ names and birthdates, or your pets’ names are obvious, easy targets for hackers.
Try using phrases, numbers, and different characters such as exclamation points and question marks in passwords to make it hard for hackers to figure out. Strengthening your passwords will increase your digital safety.
Create Unique Passwords for Each Account
Twitter co-founder, Evan Williams, used the same or similar passwords for his Foursquare and Twitter accounts. Hackers were able to guess his Foursquare password and then tried the same password on his Twitter account. They were successful – both times.
Create new, unique passwords for each of your email, social media, and bank accounts and any other accounts you may have. Do this sooner rather than later. If you use the same password for every account you risk being hacked several times over.
Otherwise, you can join the “we used the same password for everything club” along with Evan Williams, Drake, and Mark Zuckerberg. The celebrities each had several accounts hacked into because the hacker figured out one of their passwords.
If you feel there is no way to come up with unique passwords for all of your accounts, then you can try a password manager. Password managers such as LastPass or Dashlane typically come with a password generator that will generate and safely store all of your passwords.
Safely storing your password list is key. If you have a list of passwords that you carry around with you, your chances of getting hacked increase if the list is lost or stolen.
Change Your Default Password
Your phone probably came with a default password – something like 0000. If that’s still your passcode, or it’s something like 1234, change that right away. You probably wouldn’t keep a padlock’s code as 0000.
It’s the first combination that a thief would try. The same applies to anything with a preset code or password. Change it.
Use Anti-Virus Software
Anti-virus protection is a necessity. Whether you use free software or a paid service like Norton or McAfee, you should have some kind of anti-virus system.
These types of software give you a layer of protection that can prevent hackers from finding private pictures, videos, financial information, and more.
Check Your Cloud Settings
Some smartphones can upload your pictures, videos, and documents onto the cloud. This is a handy feature for when you want to store pictures without having to upload them individually or make documents easy to access from anywhere.
Keeping private pictures and videos on your phone is risky. If your phone is stolen or cloned, so are your pictures. But the cloud may not be the safest place to store information that you’d like to keep private.
Several celebrities have had their personal (nude) photos stolen from either their phone or cloud-based storage systems. Selena Gomez deleted her Instagram account after pictures of Justin Bieber were stolen and shared online by a hacker. Vanessa Hudgens, Kylie Jenner, and Jennifer Lawrence (to name a few) all had similar experiences.
If you’re worried about hackers gaining access to sensitive materials, check your cloud settings to see whether your phone is automatically linked to the cloud. If so, you can easily change this on your phone or computer’s settings to disconnect the two.
If you like the idea of storing information seamlessly in multiple locations, you can remove specific items from the cloud and strengthen your passwords.
Update Your Software
Yes, those little reminders to update your software can be annoying, but they’re important. When you see a pop up on your phone or laptop to update to the latest version of your device’s software, do not ignore it. These updates and patches are put in place for a reason.
Software developers may have detected weaknesses in their system and have made updates to keep you safe from hackers. If a company has detected software vulnerabilities, you can bet that hackers have as well. Update your software to stay current and safe from hackers.
Test the System
If you’d like to take things a step further, test your own security system. You can learn ethical hacking skills to view your data from a hacker’s perspective so you can spot the weaknesses and vulnerabilities leaving you susceptible to hacking.
The More You Know
Now that you know what you can do to protect yourself from hackers, you’ll be able to apply these tips to your own devices or even take these tips to the next level and protect others’ data, too. You can utilize ethical hacking and cybersecurity knowledge to help protect friends and family from hackers or work with nonprofits, major companies, and governments to protect them from hackers.
We can’t all be celebrities, but we can avoid being hacked like one.
For decades the traditional, and not entirely secure, way to log into accounts has been to enter your username and your password. The problem is that many of us use the same password, or a variation of the same password, for many if not all of our online accounts.
This can create what is known as a password domino effect. All it takes is for a hacker to crack one password and they’ll be able to potentially take down several of your accounts all at the same time.
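The domino effect described above can be measured on your own password-manager export. The following is an added example, not part of the original article: it groups accounts that share an identical password and accounts whose passwords are variations of one base word, then lists which accounts fall together. The vault entries, function names and the normalization rules (trailing digits and symbols stripped, common look-alike characters undone) are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
from collections import defaultdict

# Constructed sample export (account, password); none of these are real credentials.
SAMPLE_VAULT = [
    ("email", "Sunflower2019!"),
    ("foursquare", "Sunflower2019!"),   # exact reuse of the email password
    ("twitter", "sunflower2020"),       # same word, different year
    ("forum", "5unfl0wer!!"),           # same word with letter substitutions
    ("bank", "c7#Vq9!mZp2&Lr"),         # unrelated random password
    ("shop", "Tr1ckyHorse-Battery"),    # unrelated passphrase
]

# Assumed substitution table for undoing common look-alike characters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_STEM = 4  # shorter stems are too generic to call two passwords related


def stem(password):
    """Reduce a password to the base word that its variations share."""
    lowered = password.lower()
    core = re.sub(r"[\d\W_]+$", "", lowered)   # drop trailing years, digits, symbols
    core = core.translate(LEET)                # 5unfl0wer -> sunflower
    core = re.sub(r"[^a-z0-9]", "", core)      # drop separators inside the word
    return core if len(core) >= MIN_STEM else lowered


def fingerprint(value, key):
    """Keyed hash, so the grouping keys never hold a plaintext password."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(vault):
    """Return (reused, families): groups of accounts sharing an identical
    password, and groups sharing the same base word."""
    key = secrets.token_bytes(32)  # per-run key; fingerprints are useless afterwards
    exact = defaultdict(list)
    family = defaultdict(list)
    for account, password in vault:
        exact[fingerprint(password, key)].append(account)
        family[fingerprint(stem(password), key)].append(account)
    reused = sorted(sorted(group) for group in exact.values() if len(group) > 1)
    families = sorted(sorted(group) for group in family.values() if len(group) > 1)
    return reused, families


def domino(vault, breached_account):
    """Accounts that should be treated as exposed if this account's password leaks."""
    _, families = audit(vault)
    for group in families:
        if breached_account in group:
            return [name for name in group if name != breached_account]
    return []


if __name__ == "__main__":
    reused, families = audit(SAMPLE_VAULT)
    print("identical passwords:", reused)
    print("same base word:", families)
    print("if foursquare leaks, also rotate:", domino(SAMPLE_VAULT, "foursquare"))
```

Every account the audit groups together needs its own unrelated password, not another variation of the same word.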
The global increase in password thefts has raised many a concern for organizations. Each of these concerns can be addressed with the implementation of multi-factor authentication (MFA).
MFA is a security solution that more organizations are adopting to help protect their users while keeping the user experience streamlined.
Securing your bank accounts, payment accounts, social media accounts, and access to other types of systems and accounts can be taken a step further than relying on a single password for each of them.
Just what is MFA?
Multi-factor authentication is an automated electronic authentication method that asks the user to provide more than one type of identity verification before they can gain access to a network, an app, or a website. If a password is stolen, data can be protected because would-be hackers will not be able to easily gain access to the system.
Even if you aren’t familiar with what MFA is in terms of online security, there are good odds you’ve used it in one form or another. As an example, consider when you’ve used your ATM card to withdraw cash. You’ve entered a PIN as a secondary way to access your account.
MFA is often referred to as two-factor authentication or 2FA. It is a way to enhance security by giving you the ability to prove that you are who you say you are, with additional credentials beyond the password.
The credentials that you use could fall into three categories or factors.
- Something you are. A fingerprint, retina scan, or GPS location.
- Something that you have. A digital token or device, or your smartphone.
- Something you know. A PIN or a password.
Your credentials will need to come from two of these factors to get the enhanced security benefits. Entering two passwords or using two digital tokens will not be thought of as multi-factor. Your password will need to be combined with a secure code that is delivered to your smartphone, or even with a fingerprint.
Some systems are designed to remember your device as the second factor. Whether it’s your smartphone or your laptop, it’s generally an efficient process.
What are the benefits of using MFA?
There are several key benefits to using MFA. The benefits extend to both the user and the business.
- MFA adds an extra layer of security over simply using a password. Multiple security layers can help to verify that the user seeking system or app access is who they claim to be. If a hacker steals a password, they will not be able to log into the account without verifying identity using another method. For a business, MFA can help to build and maintain user trust.
- MFA is a valuable tool that can help to protect consumer information from the risks of identity theft. With the implementation of MFA, the traditional security methods are supplemented by that extra layer of protection. A cybercriminal will face more of a challenge to crack the MFA if they try to reset a password, as the time-based one-time password (TOTP) used to reset the account will typically be sent via an automated call or text message.
- MFA can also be a mechanism to meet compliance protocols in certain industries. Consider the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) that require MFA to be implemented in some cases to help to prevent unauthorized access to systems.
- MFA is a non-invasive experience for both the user and the organization that has implemented it. Users tend to prefer efficient and frictionless experiences. If it is difficult for them to integrate a new security method, they may simply not take part.
MFA adds that next-level security that users demand, and businesses need.
Should you use MFA?
Cybercriminals are constantly evolving their methods to stay ahead of many of the security tools that are established today. Through pharming, phishing, and keylogging, cybercriminals can gain access to sensitive information and passwords.
Any one of us can find ourselves falling victim to these cyberattacks on our online security. It’s not just the individual. Large enterprises, particularly web-based services, have seen an increase in data breaches.
The use of MFA will help to protect and add an extra security layer for the organization, while also providing the user with the validation that their data is being protected with an extra layer of security.
MFA can help to provide that extra layer of security, making it difficult for cybercriminals to log in using your credentials. Your private information is safer because the cybercriminal will need to have both your password and your smartphone. You may not notice immediately if your password has been stolen, but you will certainly notice if your phone has been stolen.
Putting a stop to all online crime is a nice goal to have but it’s not realistic. Simple steps can be taken to implement boosted security measures that can greatly help reduce the potential for you becoming the next target of a cybercriminal.
The truth is that the traditional password is no longer as secure as we need it to be. Hackers have found countless methods of gaining access to credentials and private accounts. It is also sadly true that many of us are still using weak passwords. According to research from NordPass, in 2020 some of the most commonly used passwords around the world were still “password” or “12345”. While you may think that these are so commonly used that no one will guess them, it will take a hacker less than a second to access your account.
Check how secure your password is! Is it time for you to update it?
The good news for all of us is that MFA can effectively put a lid on the risk to your account. Because your identity needs to be verified using multiple methods, cybercriminals can’t easily gain access to your system or account even if they do manage to get your password.
© 2022 ZenKey LLC. ZenKey is a trademark of ZenKey LLC. All rights reserved
If you believe you have been hacked, or that a company hosting your account has been hacked, the most important thing you should do is change your passwords.
Reset your passwords
Your account and account details are what most hackers want. If you cannot log into your account, try resetting your password. If resetting your password does not work, or the e-mail associated with the account no longer works, look for an account recovery option. If all options fail to reset the account, you must contact the company to have them intervene.
When changing your password keep the considerations below in mind:
- A password should never be easy to guess. Passwords like 1234, password, etc. are easy to guess.
- Don’t use passwords that you’ve used in the past.
- Passwords should have letters, numbers, spaces, and other characters.
Note: If you are using the same password for other accounts (which is not advised), you need to change your other account passwords to a different password. Once a hacker determines your username and password, that information is stored and often shared, and can be used to compromise other accounts.
Tip: If you have a difficult time remembering all your passwords, use a password manager to store them safely.
Check your machine
If the company your accounts are hosted by did not notice or mention a security breach, it’s possible you or your machine have been the source of the attack. Make sure to scan your computer for any spyware and malware that may be stealing your account details or logging your keystrokes.
Tip: If malware is found on your computer, you may want to reset your account passwords again, as infections may have logged your new password.
Verify account details
After all of your passwords have been changed, if your accounts have any shipping information, make sure the shipping information is still your address.
If the account authorizes any third-party programs or apps (e.g. Facebook and Twitter), make sure no third-party apps have rights to your accounts that you haven’t given permission for. The best advice is to delete any app you are unfamiliar with or do not remember installing.
Let your other contacts know about the hack
If your e-mail account or any account with contacts is hacked, let your contacts know about the hack. Hackers often gain access to other accounts by using affiliated accounts since people are not as suspicious of e-mails coming from someone they know.
Verify past posts
If your social network (e.g. Google+, Twitter, or Facebook) has been hacked, make sure there are no posts or messages that have been made on your behalf. Social network accounts are hacked to help spread spam, malware, and advertisements on your behalf.
New accounts setup
If a hacker gains access to your e-mail, they often use your e-mail address as a way to set up new accounts. Check your inbox, sent items, and trash for any new account notifications using your e-mail address. If new accounts have been created, you can try logging into those accounts by using the reset password feature and then delete the account.
By Zoe Kleinman
NHS executive Helen Bevan had her two Twitter accounts, with nearly 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales.
She now has the accounts back but has received dozens of messages from people who fell for the scam.
Ms Bevan also paid money to someone who said they could help – but they turned out to be a scammer too.
She said she wanted to highlight the importance of extra security measures.
NHS Horizons chief transformation officer Ms Bevan mistakenly thought she had activated two-factor authentication (2FA), which requires account-holders to use two methods to log in, the second often involving a code sent by text or email.
However, providing those contact details does not automatically activate 2FA, so the hackers were able to simply change the email address and phone number she had linked to the accounts once they had cracked her password.
One was a professional account with 97,000 followers discussing Ms Bevan’s work, and the other one was about her cat, a local “celebrity”, which was followed by 36,000 people. The hackers deleted all of her original tweets, unfollowed the people she was following, and renamed the accounts.
It happened the day before Ms Bevan was due to lead an online event for thousands of people, and she had encouraged her audience to use Twitter as their discussion tool.
Facing this pressure, she felt panicked that her own account was not under her control.
“I was the social media heartbeat of this event, I didn’t know what to do,” she said.
“Someone said, ‘You have a basic choice, you can wait for Twitter to give your account back or you can find someone to help you.'”
As her friends and network were tweeting about the hack, offers of help flooded in and she chose someone who promised to have the accounts back within 25 minutes in return for a fee of £110.
“I don’t think he did anything, he kept sending me films of computer files whirring, saying this is me doing your work,” she said.
“Then he said he had got it back, but Twitter had changed the verification and he needed an extra $100, then he wanted a service charge… they prey on desperate people.”
She did not pay anything further and accepts that the money she handed over is lost.
After two days, Twitter itself restored the accounts for her.
When she accessed them, she found dozens of direct messages from people asking about PlayStation 5 orders.
She says she has no idea how many fake sales were generated by the scammers but the PS5s were being advertised at upwards of $450 (£320).
“They were following Walmart, Dixons, PC World, Target,” she said.
“They would wait for them to tweet about PS5s and then reply, saying we’ve got PS5s in stock now, DM [direct message] me.”
There were also Fleets – temporary Twitter posts – featuring photos of PlayStation boxes.
Ms Bevan later had to explain to all who messaged her, having paid for games consoles, that she was also a victim of the scam.
She said she wanted to share her story as a warning to others.
“There are things I now know that I wish I’d known – everybody should have two-factor authentication, it’s absolutely critical that you put that on,” she said.
“Also, under no circumstances, even if you’re desperate, do not go to one of these services that claim they’ll get your account back in 30 minutes and stuff – I think they’re likely to be a scammer.
“The only thing you can do is go through Twitter. Do it one step at a time.”
Lisa Forte, from Red Goat Cyber Security, said having all the security settings enabled on all social media accounts is “absolutely essential”.
“This means using a complex and long password, turning on two-factor authentication and, in the case of Twitter, enabling the password-reset protection setting,” she said. “Attackers are looking for easy targets. They have amazing eco-systems of businesses that allow them to take over your account, lock you out and then charge you to gain access back again.”
- PM Narendra Modi’s account hacked
- Hackers targeted PM’s account
- You can keep your account safe
According to Twitter, your account may have been compromised if you have given your username and password to a malicious third-party app or website, if your Twitter account is insecure because of a weak password, if a virus or malware on your computer is collecting passwords, or if you are on a compromised network. Unexpected updates do not always mean that your account was hacked. Sometimes a third-party app has a bug, which can lead to strange behavior. If you notice any strange behavior, you should immediately change your password or revoke the connection so that the app no longer has access to the account. If you are in this situation, how do you know whether your Twitter account has been hacked or not? Here are the ways to tell, and the steps to take.
How to know if Twitter account has been compromised?
- If there is an unknown tweet from your account.
- You see direct messages sent from your account that you did not send.
- You see other account activity that you have not approved (like following, unfollowing and blocking).
- You receive a notification from Twitter that your account has been compromised.
- You receive a notification from Twitter that your account information has been changed, although you have not changed it.
- Your password stops working when you log in to Twitter and you are asked to reset it.
If you have seen any such activity with your Twitter account, your account may have been compromised.
How to secure your Twitter account
In such a situation, you can take these steps.
Change Twitter Password:
Go to Settings and change your password immediately from the Password tab. If you are logged out, go to the login page and click on the forgot-password option to reset your password. Choose a strong password that you have not used before. If you can’t log in, your account may have been hacked.
Confirm that your email address is secure: Confirm that the email address linked to your account is secure and that only you can access it. You can change your email address from the Twitter app on your smartphone or iPhone, or by logging into twitter.com and going to the Account Settings tab.
End connection with third-party apps: While logged in, go to the apps section of your settings and remove access for all third-party apps that you do not recognize.
Update your password in your trusted third-party app: If a trusted external app uses your Twitter password, update your password in that app. Otherwise, your account may be temporarily blocked due to repeated failures in the login process.
After following all these steps, your account should remain secure and you should not see any unexpected behavior. If you are still facing these types of problems, you can contact support.
Apple’s Twitter account has been breached by bitcoin scammers who have also hacked the Twitter accounts of Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates, and more.
Apple users should be careful not to believe the fake tweet, which is a scam to collect bitcoin. Twitter has been deleting the fake tweets, but the scammers who have breached the accounts have been repeatedly posting them.
The tweet that was posted on the Apple Twitter account has since been deleted. Given the number of high profile accounts that have been breached, the hack may have originated from a Twitter security vulnerability.
Apple does not actually use its official Apple Twitter account on the platform, reserving it for sending out reminders ahead of events and advertisements.
Update: Twitter says that it’s looking into the security breach and will provide an update after implementing a fix.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly. — Twitter Support (@TwitterSupport) July 15, 2020
Update 2: Twitter appears to have disabled all tweets from verified accounts, so no one with a verified account is able to tweet at this time.
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience. — Twitter Support (@TwitterSupport) July 15, 2020
Update 3: Most verified Twitter accounts are now once again able to tweet. Twitter is still working on fully fixing the issue.
Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible. — Twitter Support (@TwitterSupport) July 16, 2020
Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump’s Twitter account — “maga2020!”.
That’s all he needed to hijack the @realdonaldtrump handle, according to a report from Dutch newspaper de Volkskrant, because it lacked even the most basic two-factor authentication (2FA), exposing major flaws in the digital security surrounding the President.
While Threatpost has not been able to independently verify the veracity of Gevers’ claim of the Oct. 16 hack of Trump’s Twitter, several professionals have analyzed screenshots and vouch for their authenticity, according to Dutch magazine Vrij Nederland, which added that Gevers works for the Dutch government by day and runs the ethical hacking GDI Foundation in his spare time — and so is well regarded within the country’s security community.
Twitter Safety & 2FA
Twitter, however, said it is dubious about the report.
“We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today,” a Twitter spokesperson said in a statement responding to Threatpost’s inquiries. “We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
An announcement on Sept. 17 from Twitter Safety said the company was sending in-app notifications “requiring” or “strongly recommending” enhanced security measures, including a requirement for a strong password, to members of government and journalists in the run-up to the election.
The policy goes on to “strongly encourage” these accounts to enable 2FA but does not say it’s a requirement.
2FA requires users to have a one-time generated code, sent by email or text, which needs to be entered to log in. This keeps bad actors from accessing the account even if they have the username and password.
Duty to Report
Gevers said that after he successfully hacked the president’s Twitter account he went to great lengths to report the vulnerability, sending emails, screenshots and social-media messages to various U.S. government entities through Twitter, Parler and other platforms, de Volkskrant reported. Days later, he found the 2FA to be in place and two days after that, he received a friendly email from the Secret Service thanking him.
While that didn’t do much to explain how it came to be that Trump didn’t have basic protections on his Twitter account, Gevers speculated to de Volkskrant that it has something to do with his age, adding, “…elderly people often switch off two-step verification because they find it too complicated.”
This isn’t the first time Gevers was reportedly able to commandeer the infamous Twitter handle. In 2016, he was part of a group of self-described “grumpy old hackers” who accessed Trump’s Twitter account by guessing the password “yourefired,” Vrij Nederland reported. The group tried to alert team Trump that, “he had his digital fly open,” with no response at the time, Vrij Nederland added.
Gevers told de Volkskrant that it was recent headlines about presidential candidate Joe Biden’s son, Hunter Biden, being hacked that inspired him to start spot-checking accounts for U.S. political figures.
“Doing spot checks, that’s my work: Look for any leaks in security,” he said. When he got to Trump’s account, he tried a few variations, expecting to get locked out after the fourth failed attempt; instead, he hit the jackpot on try number five, according to de Volkskrant.
Gevers’ reaction, according to Vrij Nederland? “Not again!”
Election & Data Security
This report comes at a time when U.S. law-enforcement officials warn Russia and Iran are actively engaging in election interference through hacked voter-registration information.
Cybercriminals are “going after the minds of the American people and their trust in the democratic institutions that we use to select our leaders,” Matt Olney, director of Talos’ Threat Intelligence and Interdiction at Cisco, told Threatpost this week.
The good news is that the public is getting smarter about information security.
“Everybody has a role in election security,” Olney explained. “And that includes the election community who have gone at that problem aggressively over the last four years; [and] the public, which has largely adopted a more skeptical eye towards information as it comes out, for better or worse.”
The question is whether our most high-profile leaders will follow suit.
“But politicians also have a role, and they have to ensure that they are not handing victories to our adversaries,” Olney said.
Reta Ismail CTV News London Reporter
An official-looking notification that was actually a phishing attempt.
LONDON, ONT. — You don’t think it is going to happen to you. Especially since you have reported on this exact thing. Phishing. An online scam or cyber attack, that uses a fake email account, pretending to be a reputable company, in order to take your personal information such as your password.
But it happened to me. Yes, I should have known better. I too can’t believe I fell for this scam. But I did, and I am writing this to hopefully prevent it from happening to someone else.
It was a Wednesday morning, in the middle of a COVID-19 quarantine. For our family, this meant I was making breakfast, while my toddler was on my personal iPad watching ‘The Wiggles,’ and my six-year-old son was watching a cartoon on television.
I heard my son shout from the living room, “Mommy, mommy, come…she did something to your Twitter account.”
I rushed over, grabbed the iPad from my daughter and saw a message that read, “Your account has been suspended for violating the Twitter Rules. If you wish to appeal this suspension, please contact our support team.” And under this message it said “unlock my account.” This message had the Twitter “blue bird” and blue font.
In that moment, it looked legitimate. Especially since my daughter has a habit of just swiping up to clear Twitter banner notifications on my iPad. I just figured she had accidentally triggered this reset. But now that I look back, I can totally see how it was a sham and I should not have fallen for it.
But, again, I did. I clicked the link, to unlock my account, and entered my email address. To which the hacker sent a code to reset the password. I got the code, and entered my password. Handing the hacker my Twitter password in under five minutes.
As I type this, I get frustrated with myself for not following the simplest rule when it comes to online hacks. CHECK THE SENDER’S EMAIL. Had I done this, I would have noticed, that the message did not come from Twitter, but rather ‘verify @ twttesr dot com.’
I did not realise this immediately. It wasn’t until a viewer emailed our web team and notified us that I realized my account had been hacked.
I was flooded with emails, and texts from concerned family, friends and colleagues. I started to panic. I felt invaded. I compare it to having your wallet lost or stolen. I wasn’t sure at the moment what had actually been compromised.
Thankfully, I don’t use the same password for anything else, but I made sure to immediately change all my passwords. I contacted my employer, and our help desk to notify them of what had happened. And of course, I tried to contact Twitter.
Yes, I checked it was the actual Twitter email. I answered all their questions, and provided them with the information they required. This was Wednesday. The issue did not get resolved until Monday.
Despite the fact that I have a verified Twitter account, it took five days to resolve this issue. During this time, the hacker had hijacked the account, spewed hate, racist remarks, retweets and changed my name a number of times – at one point to Donald J. Trump.
Although, the hacker did not keep my picture or name, and it was never a “personal” hack, an attempt at jeopardizing my image, this felt like a sick game. Because my Twitter handle is verified, it meant more people would see these tweets.
Somehow, the hacker even managed to gain 10,000 new followers (mostly bots) and sent out hundreds of tweets.
As soon as I got my account back, I changed the password and email associated with the account. But Twitter did not delete any of the tweets sent out by the hacker, nor did they get rid of any of the fake followers.
I can delete the account, but that means I would lose my Twitter verification, and all the people that I follow. A list that spans over a decade. And Twitter has paused giving out verification to any new accounts.
To keep the account, meant I had to find a way to delete all the tweets that were sent out. Luckily, that part was easy. There are programs out there that allow you to do just that. But trying to get rid of the new followers hasn’t been that simple.
I decided to write this, knowing that some people might judge me for being naive and falling for a phishing scam.
But I hope others will walk away knowing that mistakes happen, even to people in the media who report on this exact thing happening to others.
I can sit here and blame it on lack of sleep from having kids who crawl into bed with me in the middle of the night. I can blame it on COVID-19 and these strange times. I can try to blame my kids for using mommy’s iPad. But truthfully, I know, I made this mistake. A mistake, I hope that with this story, will help prevent you from making in the future.
A sample of one of hundreds of tweets sent after CTV London reporter Reta Ismail’s Twitter account was hacked.
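The sender check the account above comes down to ("CHECK THE SENDER’S EMAIL"), as an added Python example that is not part of the original article: it ignores the display name, takes the domain from the From header, and flags near-misses of a trusted domain such as the twttesr dot com address quoted above. The trusted list, the distance threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the only domain this mailbox accepts Twitter notices from.
TRUSTED_DOMAINS = {"twitter.com"}

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "genuine": "From: Twitter <verify@twitter.com>\nSubject: Reset\n\nbody",
    "phish": "From: Twitter <verify@twttesr.com>\nSubject: Suspended\n\nbody",
    "prefix": "From: Twitter <help@twitter.com.account-check.example>\n\nbody",
    "display": "From: Twitter Support <notice@mail-alerts.example>\n\nbody",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(raw_message: str) -> str:
    """Domain of the From address; the display name is discarded."""
    msg = message_from_string(raw_message)
    _display, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(raw_message: str, max_distance: int = 2) -> str:
    domain = sender_domain(raw_message)
    if not domain:
        return "no-sender"
    for trusted in TRUSTED_DOMAINS:
        # Exact match, or a true subdomain of the trusted domain.
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    # Naive registrable part: last two labels (assumes a one-label suffix).
    base = ".".join(domain.split(".")[-2:])
    for trusted in TRUSTED_DOMAINS:
        # Near-miss spelling, or the trusted name used as leading labels.
        if edit_distance(base, trusted) <= max_distance or trusted + "." in domain:
            return "lookalike"
    return "unknown"
```

A message classed as "unknown" is not safe; it only means the domain is neither trusted nor a near-miss, so a "Twitter Support" display name on it should still be treated as unverified.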