Online security was put into the limelight in 2015 for a number of reasons, most notably for the Apple iCloud hack whereby a large number of people had their accounts compromised. This meant that many people’s private photograph collection was displayed in the public. We’ve also had hacks at Snapchat where, again, personal images were put into the public domain. Around a billion Android devices could have been put at risk of the Stagefright critical vulnerability and although Google has worked to patch later versions of the operating system, a large but unknown number of other devices are still at risk. We, as Internet users, should take our security seriously because there could be serious implications if we do not.
Social network, Twitter, announced on its blog that it is suspending an undisclosed number of accounts. The post followed reports that large number of exposed Twitter accounts – that is, the account name, email address and password – were made available via the “dark web,” a shady part of the Internet where account credentials are traded, amongst other things. Twitter’s website states that they are confident that these leaked details were not stolen from a hacked server although they do not go into detail: presumably some of the information is out of date or their own logs do not show a leak. Instead, the company explains that this leaked data may have been from information from other hacked websites (perhaps LinkedIn), password-stealing malware on customer computers or perhaps a combination of both. These exposed accounts have been locked and the account owner must unlock it via a password reset in order to obtain access.
Twitter’s blog goes into some detail as to how the company work hard to keep account details secure. The company uses HTTPS everywhere and account details are secured using bcrypt technology. When a new device signs into the service, Twitter look at a number of factors to determine if it is authentic such as the location of the connection, the device being used and login histories to determine the likelihood that this is a genuine login or not. In the case of the currently locked accounts, customers will have already received an email from Twitter explaining that they must reset their password and that until this is done, the account is unavailable for everybody. Twitter also recommends customers use two factor authentication as the best way to increase account security, together with using a strong, unique password. Please, if you have received this email, change your password.