Hackers have been keeping busy!
In the last couple of weeks, the high-profile American newspapers The Wall Street Journal and The New York Times have both been hacked by Chinese hackers. There is nothing to suggest that the same hackers are behind the cyber attack on Twitter, but it has all come to light over the last two weeks.
In a very sophisticated attack, the microblogging site Twitter has also had its security breached, and 250,000 users’ accounts have been compromised.
Twitter chose to go public before they finished investigating the breach in order to inform their users. From a blog post by Twitter Director of Information Security Bob Lord (@boblord):
“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.
As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”
So what are the consequences of this security breach?
Hackers have gained access to thousands of users’ accounts; the cyber attackers may have obtained usernames, email addresses, passwords and other data of Twitter users. The important thing to do is to change your password, and to ensure you use strong passwords which combine letters and numbers as well as upper and lower case. Do not use the same password across multiple sites. Please read our article “Protecting your online security – Your guide to safe passwords” for more information about passwords.
As a precaution, Twitter invalidated passwords of accounts affected and sent people email messages telling them to create new ones.
Omniquad recommends that you reset your Twitter password from within Twitter rather than through any emails you receive, in case emails from Twitter are spoofs. If you find you cannot log in, don’t panic; Twitter will help you:
Spoof Twitter Emails – Twitter Phishing Scams
The other thing we may expect is another wave of phishing scams targeting Twitter users.
With every security breach such as this, scammers target users with spam and scam emails encouraging people to click links in emails and divulge private and confidential information.
This happened when both LinkedIn and Yahoo! were hacked last year. Omniquad’s Mailwall Remote Spam Research team saw a large surge in this type of phishing attack, which was stopped for customers using our email security service. We are confident that people will receive scam emails purporting to be from Twitter. If you are worried that your account is affected, we recommend that you sign into Twitter the usual way, and change your password.
You can read more about the old LinkedIn Security breach here.
This is a good time to re-read our old blog post: “Top 5 Reasons You Should Not Click on Links sent via E-mail!”
And finally, a quick recap:
Protect yourself from email frauds/scams/phishing:
– Never click on hyperlinks within emails; instead, copy and paste them into your browser.
– Do not open any file attached to the email.
– Always look for “https://” and the padlock on web sites that require personal information.
– If you didn’t initiate a transaction to which an email is referring, it’s probably a scam.
– Never respond to spam / suspicious email or emails from unknown senders.
– Do not supply your personal / bank account information to strangers; they are most likely scammers.
– Use spam filtering software.
– The Omniquad Team