Posts

32 Million Twitter Pass for sale Add two-factor NOW

The Dark Web, according to LeakedSource, got ahold of 33 million Twitter account details and put them up for sale. Twitter thus locked the accounts for millions of users.

5DTwitter, however, doesn’t believe its servers were directly attacked. So what happened? The bad guys may have created a composite of data from other breached sources. Or, they could have used malware to steal passwords off of devices.

Nevertheless, the end result meant that for many Twitter accounts, there was password exposure—leading to the lockdown of these accounts. The owners of these accounts had to reset their password after being notified of this by e-mail.

Some users who did not receive this e-mail notification will find that their accounts are locked.

An Ounce of Prevention

  • Go through the passwords of all of your vital accounts, and see which ones are unique, long and strong. You’ll likely need to change many passwords, as most people use simple to remember passwords that often contain keyboard sequences and/or words/names that can be found in a dictionary, such as 890Paul. These are easily cracked with a hacker’s software.
  • Who’d ever think that Facebook’s chief executive Mark Zuckerberg’s Twitter account could be hacked? It was, indeed, and it’s believed this was possible due to him reusing the username of his LinkedIn account several years ago.
  • So it’s not just passwords that are the problem; it’s usernames. Not only should these be unique, but every single account should have a different username and password. However if a username is an email address, you can’t do much here.
  • Passwords and usernames should be at least eight characters long.
  • Use more than just letters and numbers-use characters if accepted (e.g., #, $, &).
  • So Paul’s new and better password might be: Luap1988($#.
  • Sign up with the account’s two-factor authentication. Not all accounts have this, but Twitter sure does. It makes it impossible for a crook to sign into your account unless he has your cell phone to receive the unique verification code that’s triggered with every login attempt.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Twitters ups its Security Game

Twitter recently announced its new tool to help with management and monitoring of its users’ accounts: the Twitter data dashboard.

7WAn article on lifehacker.com details what this new tool will offer. For instance, you will not need to use your real name on Twitter—and I have to admit, this is an odd way to promote the tool, because I’m sure that scads of Twitter users haven’t been using their real name for years. It’s not as though Twitter can tell that “Emily White” is really Sashea Fiopwieei.

Anyways, users will be happy that their privacy settings will let them control whether or not their tweets are kept public. You will be able to enable login verification to increase your account’s security.

The Twitter data dashboard can be accessed from the settings menu that users can find on twitter.com. It shows the user’s account activation details and recent login history. It also reveals any devices that have accessed the account.

This setup allows the user to review account activity in an expedient way and make sure that everything looks right.

Now suppose you notice login activity from an unfamiliar app. You can go to your settings and look for the apps tab and revoke the application’s access to your account.

The lifehacker.com article also points out that if you notice logins from unfamiliar locations, you can immediately change your password.

You also have the option for setting up login verification to add an extra layer of security to your account. Twitter’s new dashboard will let you manage your Twitter archive and control your address book contacts, among other items that you will have more jurisdiction over.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

10 Ways to Protect Your Twitter Account From Getting Hacked

Recent news of Twitter accounts being hacked has slowed a bit, partly due to Twitter implementing two-factor authentication. When you sign in to Twitter.com, there’s an option in “Settings” under “Account security” for a second check to require a verification code to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address. To get started, follow these steps:

  • Visit your account settings page.
  • Select “Require a verification code when I sign in.”
  • Click on the link to “add a phone” and follow the prompts.
  • After you enroll in login verification, you’ll be asked to enter a six-digit code that Twitter will send to your phone via SMS each time you sign in to www.twitter.com.

In cases where more than one person accesses the same Twitter account, Twitter’s two-factor authentication is less effective. Create an open dialog with fellow account holders and share second-factor authenticating identifiers via text.

Some more tips:

  1. Limit the number of people that have access to your account.
  2. Use a strong password.
  3. Use Twitters login verification.
  4. Watch out for suspicious links, and always make sure you’re actually on Twitter.com before you enter your login information.
  5. Never give your username and password out to untrusted third parties, especially those promising to get you followers or make you money.
  6. Make sure your computer and operating system is up to date with the most recent patches, upgrades and anti-virus software.
  7. Beware of phishing. Phishing is when someone tries to trick you into giving up your Twitter or email username and password, usually so they can send out spam to all your followers from your account. Often, they’ll try to trick you with a link that goes to a fake login page.
  8. Beware of typosquatting or cybersquatting. Typosquatting, which is also known as URL hijacking, is a form of cybersquatting that targets internet users who accidentally type a website address into their web browser incorrectly. When users make a typographical error while entering the website address, they may be led to an alternative website owned by a cybersquatter.
  9. Beware of short urls. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service, such as URL Expanders for Internet Explorer and URL Expanders for Firefox.

10. Use aVPN (Virtual Private Network). Protect your private information and sensitive data from snoopers and hackers while surfing the web at WiFi hotspots, hotels, airports and corporate offices with Hotspot Shield VPN’s WiFi security feature.

 

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Twitter Crime on the Rise

Twitter is now beginning to see a substantial rise in active users. A recent report found that the percentage of Twitter users who have tweeted ten or more times, have more than ten followers, and follow more than ten people rose from 21% to 29% in the first half of 2010.

Spammers, scammers, and thieves are paying attention.

In the physical world, when communities become larger and more densely populated, crime rises. This also applies to online communities, like Twitter and Facebook.

Twitter’s “direct messages” and “mention” functions are laden with spam, often prompting users to click various links. Why anyone would want me to “Take a Good Look at Hypnotherapy” is beyond me, but someone must be buying because the spam keeps coming.

Common Twitter scams include:

Hijacked Accounts: Numerous Twitter (and Facebook) accounts, including those of President Obama, Britney Spears, Fox News and others have been taken over and used to ridicule, harass, or commit fraud.

Social Media Identity Theft: Hundreds of imposter accounts are set up every day. Sarah Palin, St. Louis Cardinals Coach Tony LaRussa, Kanye West, The Huffington Post, and many others have been impersonated by fake Twitter accounts opened in their names.

Worms: Twitter is sometimes plagued by worms, which spread messages encouraging users to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected.

DOS Attack: A denial-of-service attack left Twitter dark for more than three hours. The attack seems to have been coordinated by Russian hackers targeting a blogger in the Eastern European country of Georgia.

Botnet Controller: One Twitter account produced links pointed to commands to download code that would make users’ computers part of a botnet.

Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft.

Twitter Porn: Please, “Misty Buttons,” stop sending me invites to chat or to check out your pictures.

Twitter Spam: The use of shortened URLs has made Twitter’s 140 character limit the perfect launch pad for spam, shilling diet pills, Viagra and whatever else you don’t need.

To prevent social media identity theft, take ownership of your name or personal brand on Twitter. Protecting yourself from other scams requires some savvy and an unwillingness to click mysterious links. In other cases, you’ll need to keep your web browser and operating system updated in order to remain safe. Make sure to keep your antivirus software updated with the latest definitions, as well.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hacking wireless networks on Fox Boston. (Disclosures)