Last Tuesday, April 23, the Twitter account of the Associated Press news agency was hacked and sent out a hoax tweet reporting that President Barack Obama had been injured by an explosion in the White House. Within seconds, Wall Street was in panic mode and US stock plunged.
Situations like this illustrate once again the dangers of using weak passwords not only for home users but in corporate environments as well. Today, social networking sites are very often the first point of contact between users and companies, and special care should be taken to strengthen the security of social media accounts.
When a Twitter account is hacked, the public normally thinks it has been the result of some highly sophisticated attack perpetrated with complex programs and all sorts of stealth systems only accessible to some privileged minds… Well, in reality, things are usually much simpler. In most cases, the so-called “hacker” simply guess their victim‘s password. The most complex attacks are actually those where the attacker tricks the user into re-entering their credentials in some system unaware of the fact that, in reality, they are submitting their data to a cyber-criminal (which, by the way, was exactly what happened in the AP Twitter hack).
Two months ago, Burger King’s Twitter account was also hacked. Its background picture was changed to a McDonald’s image, and a message was posted announcing that the company had been sold to their rivals. It is not known what password Burger King used, but I would say “whopper” is one of the safest bets… The AP attack might look like an isolated incident, but unfortunately these attacks are far more common than it seems. In fact, the group behind the hack, the self-proclaimed “Syrian Electronic Army”, also hacked the Twitter accounts of watchdog organization Human Rights Watch, French news service France 24 and the BBC’s weather service.
But it is not only Twitter accounts that are at risk. Many of us still remember the theft of a series of compromising photos from Scarlett Johansson’s cell phone for example. Preliminary investigation seemed to indicate that a hacker had been able to launch a cyber-attack on the American actress’s cell phone, accessing her personal information. Later, however, it was found out that the ‘hacker’ was simply a man with a penchant for hacking into celebrities’ accounts who had been able to guess the star’s email address password.
Let me finish by offering you a series of simple tips about social media passwords that will help you protect yourselves from this type of attack:
- Size matters: The longer the password, the safer it will be.
- Do not use personal information (your name, your phone number, etc.) to create passwords.
- NEVER use the same password for multiple accounts.
- Use passwords that are a combination of numbers, letters and special characters. The more complex the password, the safer it will be.
- Change your passwords frequently.
Do not reveal your passwords or send them via email.