With some very high-profile Twitter accounts, Jeep and Burger King, being hacked and defaced this week, what can you do to protect your Twitter account from being hacked?
It is very hard to prevent your account from being hacked by a real expert, but to deter a hacker or ex-employee from defacing your Twitter account and sending out abusive Tweets, there are a few things you can do to minimise risk.
How Does It Happen?
Twitter account hacking can happen through contracting a computer virus where you have clicked on a link in a direct message that says something like “Look at what this person is saying about you online!” It takes you to a website and asks you to put your login details in again, as if you have been logged out of Twitter, and then they have your account login details to use as they wish. Or you may have malware already on your computer that has been gathering your passwords.
It could be an organised hacker group who are expert at hacking into anything online, or a disgruntled ex-worker or social media consultant, like what happened to HMV, where the sacked social media company took to the Twitter account they were managing and blasted the company for firing them through the company Twitter account.
It may also be that you have handed the Twitter login details out to too many members of staff, and one of them decides to be funny and Tweets something very inappropriate, as happened to the Red Cross last year.
Why Do The Hackers Do It?
For kudos, to prove that they can. It’s a badge of honour among the hacker community. It could also be that the hacker or hacker group genuinely may not like something about the corporation they have hacked into. Hackers can be quite vigilante in their approach, taking on a social cause and drawing attention to it, by ridiculing and embarrassing the brand they are attacking.
If you have been hacked by a lone individual, it might be a disgruntled staff member, an ex-staff member, an unpaid social media consultant, a competitor, a bully, or someone who is actually a family member or friend who thinks it’s funny.
How Do They Do It?
Large hacker groups may have access to a large database of logins, as happened earlier this year when Twitter’s database was apparently hacked. They may use software to crack the password, which can be very easy if it’s not very secure. If you have been hacked by an individual, it could be a disgruntled employee or an ex-friend; you may have given them the logins and forgotten to change the password once they left, or you may have left your account open on your phone or computer. As simple as that. Some people have all their online account passwords in a book, or in a Word document that is open on their desktops… a true gift for a person with a malicious streak.
Twitter Is Not As Secure As Facebook Or Google.
Twitter has no 2-step verification like Facebook or Google have. With 2-step verification set up, if your account is logged into from a new browser or a different device that is not registered with the account, you are sent a code to your mobile phone via SMS to enter into the pop-up verification window to ensure that you are the owner of the account. As part of this 2-step verification on Facebook and Google, you also get a message via your email address to alert you that your account was accessed from a new browser or device, and you can reply to that email to report that you may have been hacked if the login didn’t come from you.
Twitter are under a lot of pressure to step up security. Twitter need to make 2-step verification available quick smart! Apparently it may not be feasible though. If a hacker has your phone and your login details, then obviously 2-step verification doesn’t work as well, but that’s less likely.
The only real security Twitter have right now is a recommendation to create a secure, not easy to guess password. There is one security setting in Twitter account settings: the Password Reset option “require personal information” to reset the password. This means that if someone gets into your account, they can’t reset the password without the extra personal information and block you from rescuing the account. That would be even worse, of course: you would be locked out of your own Twitter account while the abusive tweets go on and on.
This Can Happen To Anyone
This happens to regular accounts as well as large corporate ones, but in different ways. It may not be a hacker group that hacks your account; it might be a co-worker who thinks it’s funny to hack your account by sitting at your computer where you are still logged in and sending out an embarrassing tweet that seems to have come from you.
Steps To Take To Help Prevent A Hack Of Your Twitter Account
- Set a secure password 8-9 characters long: a series of random numbers and lower and upper case letters, or a combination of random words including numbers and upper and lower case letters, e.g. Racoon3Egg_55. Don’t use any combination of letters that makes sense, or is linked to you or your company at all. No sequential numbers.
- Don’t click on odd-looking links on Twitter from people you don’t know, or on messages that say “someone’s talking about you on Twitter”.
- Because you can’t have multi-user accounts on Twitter, every user of an account has the same login details (Twitter need to change that also, and provide separate logins for company accounts), so be very careful about who knows the login details to the account. Limit the number of people who know the login email and password.
- Set up the “Require personal information to reset password” feature, through Twitter settings.
- Change the password every month at minimum.
- Change the password after any employee who knows the login, or a social media person who works on the account, leaves.
- Keep the password securely, not on your computer unless you use a secure password storage application like 1Password. Post-it notes on the computer are not a great idea!
- Remember to always log out of your account when you have finished Tweeting.
- Don’t allow your computer to store the password in its browser or keychain settings. Say no if it prompts you to save the password or to keep you logged in.
- Password protect your computer or device; set it up in preferences and user settings.
- Check your own Tweet stream to be sure your account isn’t sending out a virus, or messages that are not from you.
- Use a service like www.twilert.com, who send you daily or hourly emails showing your activity on Twitter: your tweets, re-tweets, your @ messages and direct messages.
- Through settings, check the apps you have allowed to have access to your account and delete any that you don’t need. Apps can be one way that hackers can get to your account.
- Ensure your computer has up-to-date virus protection software on it, and that it is being updated and is scanning your computer regularly.
- Be sure you have your firewall enabled on your internet modem (it should be set by default) and also on your computer. Go to security in control panel, or in preferences on a Mac.
What To Do If You Have Been Hacked
- Immediately log into your account and change the password if you can.
- Report your account as having been hacked to Twitter Here:
- Put out an announcement on your Twitter account that you have been hacked and are dealing with it. Apologise for any offence caused.
- You then need to clean up your account: delete messages, change your background if it was changed, and check the profile picture and bio information.
- It might be best to protect your tweets while you are doing this, by going to settings and ticking “protect my tweets”. It means that only followers can see them for now, and any new followers have to be approved.
- Check all your passwords on your computer and device.
- Run your antivirus software on your computer.
- Call your internet security company if you have one.
- If it falls under the description of a crime, call the police.
If you can’t log in because the hackers have changed the password, then you need to contact Twitter to get them to change the password for you. This may take over an hour.
Contact Twitter Here:
Have you ever been hacked? Tell us what happened in the comments.
If there is anything I haven’t covered here, let me know in the comments.
I’ll be on “The Morning Show” Channel 7 discussing this issue tomorrow Thursday morning 21st Feb 2013 at 9am. Tune in!
Follow me on Twitter: @_LeonieGSmith