On the first of this month, Twitter reported a hacking attempt on the social network that compromised over 250,000 accounts. Within hours after the attack pattern emerged, we were experiencing Twitter downtime for some time. Twitter had shut down itself to recover from the attack.
Now, everything is under control, as per the latest update. However, if you are one of the 250,000 that got hacked, you should take immediate action. Here, we have a complete security guide to the social network.
How to Know If Your Twitter Account Is Hacked?
There are two types of account hacks—implicit and explicit. Explicit hacks are the ones that you can immediately identify. For instance, you will see unusual activity on your account—direct messages that you never initiated, an increase in the number of people you follow, unknown new people in your ‘following’ list, tweets and retweets that you did not initiate, etc. In the worst case, your hacker changes your password and you will no longer have access to your Twitter account.
In implicit hacking scenarios, you don’t have any idea whether your account has been hacked or not. You can access your account without any issues, and there is no identifiable unusual activity on the account. The account seems to have everything right! Since most people won’t take any action, this sort of attacks is extremely dangerous and could in fact lead to a chain of attacks through linked accounts.
In order to find out whether you have been hacked, there are a few things you can do.
First of all, look through all your lists—your ‘following’ lists, ‘followers’ lists, subscribed lists, and most importantly, your app lists. Among the apps, check and see if you gave approval to any app to login through your Twitter account. You can see the picture below to find out:
Now, you actually need to log into the app and see if there is any account activity done with your Twitter account. You have to check for anomalous activity on all apps linked to your Twitter.
In effect, in order to find out if your account is safe or not, you really have to go one step further and analyze your Twitter account completely.
In order to inspect your tweet list, you can download an archive from Twitter. Go to Settings->Account->Twitter Archive. You will get an email with the download link to your generated archive file. With this, you can immediately flip through your tweets. This is one easy way to spot unusual tweets.
As an important step, you should analyze your Twitter account settings and see if it has your current email address and phone number updated. If it is an old account and you are no longer using the email listed, immediately change it to your current email address.
Some things are said over and over again, such as make a strong password, do not share the password, understand security issues like malware, spyware, etc. Here, we tell you the most important things. Again!
1. Keep Strong Passwords
Despite the widespread knowledge that you should have strong passwords, we have an astounding number of users who go by such passwords as their family name, their birth date, the pet’s name, the word ‘password’, or five asterisks. This is definitely not a good practice. If you want to keep your account secure, you must have a strong password, period!
A strong password should be more than 10 characters long, and should include capital and lower case letters, a few of the special characters, and numbers.
Hacking a password is an exponential game. Let me explain. Imagine a password cracking system that can test half a million passwords a second with the help of 200 computers (very much possible with the current technology). Here is the calculation:
|Password length||Only upper case||Only lower case||Upper case & lower case||Uppercase, lowercase, & digits||Uppercase, lowercase, digits, & special characters|
|6||1 min||1 min||4 min||10 min||28 min|
|7||2 min||2 min||172 min||10 hrs||34 hrs|
|8||35 min||35 min||7 days||26 days||4 months|
|9||16 hrs||16 hrs||11 months||5 yrs||22 yrs|
|10||17 days||17 days||47 yrs||270 yrs||15 centuries|
|11||15 months||15 months||24 centuries||167 centuries||1171 centuries|
|12||31 yrs||31 yrs||1256 centuries||1 million yrs||8.6 million yrs|
You can see from the table how easy it is to crack your single-word passwords.
An astounding thing you can see here is that you can get a pretty stronger password only by adding one more character to it or making it difficult by adding a special character. It takes exponential amount of time to crack these passwords because the hacker has no idea how many characters the password has and he has to try every combination available on every key length.
Intelligent people know this and they add one or two more characters to their passwords to strengthen them.
Another method of hacking involves actually guessing your password based on such information as your name, name of your pet, date of birth, etc. Hence, it goes without saying that a random password works better than one that includes your name and such other stuff.
Some people find it difficult to create a unique password for each web service and keep the same, albeit difficult, password for all. It is still a pretty dangerous thing to do. If you share your Twitter ID and password with anther web service and that web service has been compromised, your Twitter account will be next.
2. Know About Phishing
Sometimes, people are fooled into revealing their personal information by websites that look legitimate. You know anyone can create a website today, right? A hacker would simply create a website and design it exactly like Twitter. He would place a login option on it, and will simply direct you to that website through an email or an advertisement.
When you accidentally visit that website, you may think that it is Twitter and may log in with your actual user ID and password. The login credentials are actually recorded by the website and sent to the attacker. This type of attack is known as Phishing (yes, it comes from the practice of baiting a fish).
You can easily avoid Phishing attacks just by looking at the website address. Twitter.com address can be operated only by Twitter, and you will see that on your browser’s address bar. If you see something else on the address bar and the website looks like Twitter, then be warned, it’s an attack!
3. Do Not Share Your Passwords
You may come across a number of online services that promise you a huge number of followers and shares on your Twitter profile. Several of them require your Twitter password as well in order to connect with your account. Be warned at this time. Do not share your password with any such apps.
In fact, your password should be your own, and it needn’t be shared with even your spouse. I would also suggest that you not store your password anywhere in your computer, let alone on a cloud service like Dropbox. If you really want to safeguard your passwords, simply write them down on a piece of paper and make sure you keep it secure.
4. Keep Antivirus and OS Updated
It doesn’t matter where you are using your Twitter account—your PC, smartphone, or your tablet. Make sure you have a very good security solution installed. Here is a list of impressive security software for tablets and smartphones. Also, make sure you keep your operating system updated all the time.
Recovering Lost Twitter Passwords
This should be easy as long as you have still access to your email address and phone number associated with the account. If you ever feel that your password has been compromised, you should immediately log in and change it. In fact, at this point it is quite recommended since over 250,000 Twitter accounts have been hacked.
If your password has been changed, it should be easy to create a new password by simply going through Twitter’s ‘forgot password’ procedure. It can be done with your email address or your phone number.
I believe, by now you may have quite an idea of the importance of a Twitter password with diverse characters. The longer your password the more difficult it is to crack it even with extremely good hacking methods. Make sure you check your Twitter details right now and confirm the account details are current and there is no unusual activity. It is a good idea to change your password.