Twitter Hacked for the Second Time This Year
PC World reports that on Wednesday, an anonymous hacker going by the name of Hacker Croll posted 13 screenshots to a French online discussion forum, apparently captured while logged into the Twitter account of Jason Goldman, a director of product management with Twitter. This hack was confirmed Thursday by Twitter CEO Biz Stone. The initial investigation revealed that at least 10 accounts were viewed during this hack, possibly compromising phone numbers, email addresses and more.
How was this hack possible? Well, if I haven’t emphasized enough the need to change your security questions, this should hammer it home. The hacker was able to gain access through the administrator’s Yahoo! account by guessing at his security questions. Once in his Yahoo! mail account, all he had to do was request that his password be emailed to the account. Security questions are the prompts you receive when you click the “I forgot my password” button. They have been the focus of many attacks and breaches, because the answers are often easily guessed or are publicly available information (such as the high school you went to, the town you grew up in, and so forth).
This is the second time someone has hacked into the support staff at Twitter; the first was in January. During the attack in January, it was reported that the password was a word found in the dictionary with no special characters or numbers, a password that would be easily guessed: happiness. This highlights the problem with third parties who handle your information carelessly. You may take all the precautions to protect your information, but it only takes one mistake by someone else at a company to expose your information.
While some of the recent security problems that Twitter has experienced are related to technology attacks, such as worms and viruses, this one highlights the ongoing problem of social engineering attacks. Knowledge is power, and most people would be surprised to find out what information is available to the public. Further, most people are unaware of the amount of information that they place on their profiles that can be used to conduct these kinds of attacks. Limiting the amount of personal information available by using the privacy settings is important. It is equally important to change the answers to your security questions: make sure the answers are ones you would remember, but ones that no one else could get, even someone who knew the “right” answer. When asked about your pet’s name, pick your best friend’s middle name. When asked about the town you grew up in, answer with the last four digits of your phone number. Do whatever it takes to make it more difficult to obtain access to your accounts.

