Posts Tagged ‘hacked’


Change your Passwords- Accounts Compromised and Good Practice

Posted by: Rachel James | October 6th, 2009

Recently, headlines have included the alarming news that the personal login information for thousands of Hotmail accounts was posted online. While an investigation is being conducted, experts have urged anyone with a Hotmail account to change their password immediately. Many experts also recommend that if you use that account in conjunction with other accounts, such as your social networking account, you change the information used in those accounts as well.

Today, BBC News announced that more email accounts were posted: Yahoo, Gmail, AOL, Comcast, and Earthlink users appear among those accounts impacted. Again, security experts are urging those with accounts to change their login details.

The security implications of this are massive. Right now, news reports are stating that these appear to be the result of a massive phishing attack. On the other hand, it has already been determined that some of the accounts are old or inactive, which may indicate that this particular thief was operating for a long period of time. In any case, changing my password is only a start. Personally, I will be taking the following additional precautions, and I would make the same recommendation to others. These are extra steps everyone should take at least once a year, or during situations where an account may be compromised:

*Awareness: If you have an affected account, make sure all of the people you email know about this story. Everyone should know that if they suddenly get a request from “you” for emergency money to be wired overseas, it is unlikely to actually be you.

*Change passwords to everything. Many accounts now have an option to have your password “expire” and prompt you for a new one periodically (usually every 72 days).

*Where possible, change your username and the emails “attached” to financial accounts and social networking pages.

*Change your security questions and answers. These are the questions asked when you click “I forgot my password”. If there was someone snooping in your email, they probably know you better than your best friend. It is likely they would know the real answers to questions like “What high school did you go to?” or “What is your library card number?”

*Check your sent folder in your email to make sure you recognize all the emails that have been sent from your account.

*Be aware that this will likely result in phishing, scam, and spam attacks increasing over the next few months. In addition to the evidence of a likely successful attack, email addresses that were exposed may have been harvested by spam bots. The upcoming holiday season makes for a great opportunity for criminals to leverage this information against unsuspecting consumers. Expect phishing attacks to appear to come from charities, your financial institutions and government entities.

*Make sure your computer’s security software is updated, and that automatic updates are turned on and checked at least weekly.

*Immediately report phishing emails to abuse@domain.com or spam@domain.com. If you receive what is clearly a phishing email from your friend, call them and let them know, then forward the email to one of the reporting addresses for your domain.

*Log in to your email and, using the search field, type the word “password”. Delete any emails you may have received from websites confirming your password change or providing a link to change your password. Then search for “user name” and delete those emails as well. Remember, if someone has access to your email, you don’t want to give them ideas about which website or account to try next.

Twitter Hacked for the Second time this Year

Posted by: Rachel James | May 1st, 2009

PC World reports that on Wednesday, an anonymous hacker going by the name of Hacker Croll posted 13 screenshots to a French online discussion forum, apparently captured while logged into the Twitter account of Jason Goldman, a director of product management with Twitter. This hack was confirmed Thursday by Twitter CEO Biz Stone. The initial investigation revealed that at least 10 accounts were viewed during this hack, possibly compromising phone numbers, email addresses and more.

How was this hack possible? Well, if I haven’t emphasized enough the need to change your security questions, this should hammer it home. The hacker was able to gain access through the administrator’s Yahoo! account by guessing at his security questions. Once in his Yahoo! mail account, all he had to do was request his password to be emailed to the account. Security questions are the prompts you receive when you click the “I forgot my password” button. They have been the focus of many attacks and breaches, since many times the answers are easily guessed or are publicly available information (such as the high school you went to, the town you grew up in, and so forth).

This is the second time someone has hacked into the support staff at Twitter; the first was in January. During the attack in January, it was reported that the password was a word found in the dictionary with no special characters or numbers, a password that would be easily guessed: happiness. This highlights the problem with third parties who handle your information carelessly. You may take all the precautions to protect your information, but it only takes one mistake by someone else at a company to expose your information.

While some of the recent security problems that Twitter has experienced are related to technology attacks, such as worms and viruses, this highlights the ongoing problem of social engineering attacks. Knowledge is power, and most people would be surprised to find out what information is available to the public. Further, most people are unaware of the amount of information that they place on their profiles that can be used to conduct these kinds of attacks. Limiting the amount of personal information available by using the privacy settings is important. It is equally important to change the answers to your security questions: make sure the answers are ones you would remember, but that no one else who knew the “right” answer could get. When asked about your pet’s name, pick your best friend’s middle name. When asked about the town you grew up in, answer with the last four digits of your phone number, or whatever it takes to make it more difficult to obtain access to your accounts.