“All upcoming Guns N’ Roses dates are officially canceled. Please contact your place of purchase for any refunds.”
No Guns N’ Roses fan ever wants to see this text. And especially when it’s published on Axl Rose’s official Twitter account, it’s a guaranteed recipe for disaster.
This is not the first time a famous Twitter account has been hacked, and I can bet it won’t be the last. Barack Obama, Britney Spears, British Petroleum and the New York Times are just a few big names/brands that have gone through this painful process. Usually, accounts representing companies or celebrities are managed by people with excellent communication skills, not IT skills, and especially not IT security skills.
In general, a lack of user education and strong policies regarding online security often lead to undesirable events. Whether you manage an official Twitter account or a personal one, you should know how Twitter accounts get hacked so you can protect yourself.
Here are three methods:
1. Weak passwords
Do not use trivial passwords. Think of something unique, a password which no one else would think of. Don’t assume that bolting on numbers or hard-to-remember characters is enough: “admin123” will never be *much* safer than “admin”, because cracking tools try exactly those variations, and if you add too many strange characters, you’ll wake up one day having a hard time remembering your password.
Here’s a nice tip instead. Think of a phrase that is most likely unique and easy to remember, for example, “uniqueeasytorememberphrase”. Such a phrase will not appear in the dictionaries used in brute-force attacks, and its length alone puts it out of reach of exhaustive guessing; just make sure it is not a famous quote or song lyric, since attackers collect those too. Also, after using it for several days you will start typing it faster than the blink of an eye.
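To make the point concrete, here is an added example (not from the original article or from Kaspersky Lab) that simulates a dictionary-plus-rules attack of the kind cracking tools run, counts how many guesses it takes to reach “admin”, “admin123” and the suggested passphrase, and then generates a random multi-word passphrase and reports its entropy. The wordlists and the rule set are small, constructed stand-ins for the real ones; the function and variable names are my own.

```python
import math
import secrets

# Constructed stand-in for the wordlists that cracking tools ship with.
# Real lists hold millions of leaked passwords; the order (most common first) is what matters.
COMMON_WORDS = ["admin", "password", "letmein", "welcome", "qwerty", "monkey", "dragon", "football"]


def mangle(word):
    """Yield the variations a typical cracking rule set derives from one dictionary word."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for n in range(1000):            # appended digits: admin0 ... admin999
        yield f"{word}{n}"
    for year in range(1950, 2030):   # appended years: admin1950 ... admin2029
        yield f"{word}{year}"
    yield word.replace("a", "@").replace("e", "3").replace("o", "0")  # l33t swaps


def guesses_until_found(password):
    """Number of guesses a dictionary+rules attack needs before it hits `password`, or None."""
    guess = 0
    for word in COMMON_WORDS:
        for candidate in mangle(word):
            guess += 1
            if candidate == password:
                return guess
    return None


# Constructed sample wordlist; a real generator would use a large public list
# such as the EFF long list (7776 words), which is what the entropy figure below assumes.
SAMPLE_WORDLIST = ["copper", "meadow", "tango", "violin", "harbor", "pixel", "saddle",
                   "glacier", "lantern", "orbit", "quartz", "velvet", "canyon", "ember",
                   "falcon", "willow"]


def make_passphrase(n_words, wordlist=SAMPLE_WORDLIST):
    """Pick n_words uniformly at random with a CSPRNG; uniqueness comes from randomness, not cleverness."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy of a passphrase of n_words drawn independently from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("admin", "admin123", "password2019", "uniqueeasytorememberphrase"):
        print(f"{pw!r}: found after {guesses_until_found(pw)} guesses")
    print(make_passphrase(4), f"(~{passphrase_entropy_bits(4, len(SAMPLE_WORDLIST)):.0f} bits)")
    print(f"4 words from a 7776-word list: ~{passphrase_entropy_bits(4, 7776):.1f} bits")
```

“admin” falls on the first guess and “admin123” on the 127th, while the long phrase is never reached by the rules at all. The entropy helper shows the other half of the advice: four words chosen at random from a 7776-word list give about 52 bits, which no rule set recovers, whereas four words picked from a 16-word list give only 16 bits, so the size of the list matters as much as the number of words.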
2. Phishing pages
If they cannot guess the password, cyber criminals will try to make you give it to them, without you even realizing. Keep your eyes wide open when you see e-mails asking you to reset your password, especially if you have not requested it.
Be careful what links you click on. URL shortening services like bit.ly are doing a “great job” masking the final destination of your click. You can unwittingly land on a server which is hosting phishing sites or pages distributing malware.
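The following is an added example, not code from the original article or from Kaspersky Lab, showing how to see where a shortened link really leads before clicking it: it issues a HEAD request per hop, refuses to follow redirects automatically so every hop is visible, and then checks whether the final host is actually the expected domain rather than a look-alike such as `twitter.com.account-verify.example`. The redirect chain in `FAKE_RESPONSES`, the short code and the look-alike host are constructed for the demonstration, and all function names are my own.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from silently following redirects so each hop can be inspected."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url, timeout=5):
    """One HEAD request; returns (status, Location header or None) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:   # 3xx (and 4xx/5xx) responses arrive here
        return err.code, err.headers.get("Location")


def expand_url(url, head=http_head, max_hops=10):
    """Walk a redirect chain hop by hop and return every URL visited; the last one is the landing page."""
    chain = [url]
    for _ in range(max_hops):
        status, location = head(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    raise RuntimeError(f"more than {max_hops} redirects starting from {url}")


def host_is_trusted(url, trusted_domains):
    """True only if the host *is* a trusted domain or a subdomain of one.
    'twitter.com.evil.example' does not qualify, even though it starts with 'twitter.com'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


# Constructed redirect chain used in place of live HEAD requests (hypothetical short code and hosts).
FAKE_RESPONSES = {
    "https://bit.ly/3xAmPL3": (301, "https://t.co/r3s3t"),
    "https://t.co/r3s3t": (302, "/reset?u=axl"),
    "https://t.co/reset?u=axl": (302, "https://twitter.com.account-verify.example/reset"),
    "https://twitter.com.account-verify.example/reset": (200, None),
}


def fake_head(url):
    """Offline stand-in for http_head, answering from the constructed table."""
    return FAKE_RESPONSES[url]


if __name__ == "__main__":
    chain = expand_url("https://bit.ly/3xAmPL3", head=fake_head)
    print(" ->\n".join(chain))
    print("lands on a trusted host:", host_is_trusted(chain[-1], {"twitter.com"}))
```

Two caveats for real use. Expanding a link still sends a request to every hop, so do it from a machine you don’t mind exposing, not from the account owner’s laptop. And the function only sees HTTP-level redirects; a shortener or landing page that bounces with an HTML meta refresh or JavaScript will show up as the final hop even though the browser would travel further.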
3. Infected computers
So many times I hear people around me saying “hey, my computer is infected, but it’s okay, I can still do my things.” You can still do your things, but who knows who else is doing *their thing*, intercepting your browsing sessions or logging every key that you press.
Keep all of your applications updated – operating system, antivirus, browser plug-ins, everything. You can be running the latest version of Google Chrome and still get infected if your Windows security updates are disabled. Security means several layers of defense, and a chain is only as strong as its weakest link.
This advice can be extended to general online activity, not just social networks, and most importantly, not just Twitter. You should care at least as much for the security of your e-mail account, especially if it was used to register your Twitter or Facebook accounts. Basically, a compromised email account opens up new ways for the bad guys to get into your other accounts: the password reset function usually sends a link to your email address for confirmation.
I want to end this with a piece of advice which is so simple, yet so ignored by most internet users. Do not use public computers to log on to your personal accounts. No airport internet machines, no hotel business center, nothing. I know how many times you really need to check your email from a friend’s computer – just don’t do it. You have no idea what’s running on that machine.
Stay Safe! 🙂
* Stefan Tanase is a senior security researcher at Kaspersky Lab. He specializes in monitoring Web 2.0 and social media threats.