Twitter: Here's how all those celebs got hacked, and how to protect yourself
This week the news has been full of examples of notable celebrities from Facebook CEO Mark Zuckerberg to Kylie Jenner who found their Twitter accounts hacked. On Tuesday, the NFL's official Twitter account was hijacked by someone who falsely announced the death of commissioner Roger Goodell.
Bold-faced names aren't the only ones at risk. On Thursday, the security website LeakedSource reported that some 32 million Twitter user credentials, including passwords, had surfaced.
But Twitter denied that it was the victim of a data breach. Instead, it suggested that the data might have been gathered from hacks at other sites or through malware that could have lifted data from people's own computers.
In a blog post, Twitter's Trust and Security Officer Michael Coates wrote that the company has investigated claims of Twitter handles and passwords available on the "dark web," and has notified users who might have been compromised.
"In each of the recent password disclosures, we cross-checked the data with our records," he wrote. "As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner."
Coates went on to say that Twitter applies various methods to ensure accounts are protected "on an ongoing basis," which includes using "HTTPS everywhere and security for email from twitter.com."
Account access is also protected by evaluating location, what device was in use, and login history in order to flag suspicious account behavior. When a user's account is exposed, the user is sent a password reset notification, Coates said.
So, in light of all of this, what should the average Twitter user do to ensure account safety?
Coates recommended a few basic steps. For one, users should enable two-factor account authentication, which adds an additional login verification step to increase security.
In addition -- a point often stressed by tech security experts -- users should not reuse the same password on multiple websites. Coates urged users to create a strong, unique password for their Twitter accounts.
Finally, Coates wrote that users should consider using a password manager like 1Password or LastPass, which ensures they are using unique, secure passwords for all of their various online and social accounts.
"The recent prevalence of data breaches from other websites is challenging for all websites -- not just those breached. Attackers mine the exposed username, email and password data, leverage automation, and then attempt to automatically test this login data and passwords against all top websites," he wrote. "If a person used the same username and password on multiple sites then attackers could, in some situations, automatically take over their account. That's why a breach of passwords associated with website X could result in compromised accounts at unrelated website Y."
Two other massive data breaches reported in recent weeks have added to concerns about users' data being exposed or exploited online. LeakedSource reported in late May that more than 360 million records from Myspace were obtained from a hacking incident in 2013. And user information, including passwords, from 167 million LinkedIn accounts also surfaced, apparently obtained in a 2012 hack.