There seems to be an influx of social media hacks and data breaches at the moment.
First, there were reports of the LinkedIn data breach, in which the details of more than 117 million accounts were put up for sale on a Russian hacker forum. After that came word that the credentials for 360 million MySpace accounts, and 65 million Tumblr users, were also being sold. And in between, there have been various reports of celebrity hacks, including Katy Perry, Lana Del Rey, Drake, Keith Richards and Kylie Jenner.
The Twitter account of Tenacious D was among the celebrity hacks
So why is this happening? Why are so many Twitter accounts being hacked - and is your account next?
Today, reports have indicated that the hacks may be occurring due to a leak of almost 33 million Twitter accounts, which have been put up for sale on the online black market.
Here are the details.
LeakedSource came across the Twitter data which was provided to them by a user named "[email protected]" - this user was, reportedly, trying to sell the data for around $6,000 online, but LeakedSource was able to obtain the full list. LeakedSource notes that they don't believe Twitter itself was actually hacked, but that malware is likely to blame for the data breach.
"The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter."
So malware gets into your system without you knowing it and steals your passwords, which are then added to the database.
(If you're interested, you can actually search the database for any mention of your details on LeakedSource, though it's unclear if this is the complete listing.)
Twitter has addressed the leak, with the platform's Trust and Security officer Michael Coates saying that they don't believe their platform was hacked, which aligns with LeakedSource's explanation.
"We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users." - Michael Coates ஃ (@_mwc), June 9, 2016
Twitter's also working to cross-check the data against its user records and will likely invalidate the passwords of those affected, forcing them to enter new security details.
"To help keep people safe and accounts protected, we've been checking our data against what's been shared from recent password leaks." - Twitter Support (@Support), June 6, 2016
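The cross-check described above can be sketched as follows. This is an added example, not Twitter's code: because the service stores only salted hashes, each leaked plaintext password has to be re-hashed with that account's stored salt and compared. PBKDF2 from the Python standard library stands in for bcrypt, and the `user:password` dump format, the case-insensitive usernames, and all names and sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor, kept low so the sketch runs quickly

def hash_password(password, salt=None):
    """Return (salt, digest). PBKDF2 stands in for bcrypt in this sketch."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Re-hash the candidate with the stored salt; compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def parse_dump(lines):
    """Yield (username, password) from 'user:password' lines, skipping junk."""
    for line in lines:
        user, _, password = line.strip().partition(":")  # password may contain ':'
        if user and password:
            yield user.lower(), password  # assumption: usernames are case-insensitive

def accounts_to_reset(user_db, dump_lines):
    """Usernames whose current password appears in the dump."""
    exposed = set()
    for user, password in parse_dump(dump_lines):
        record = user_db.get(user)
        if record and verify(password, *record):
            exposed.add(user)
    return sorted(exposed)

# Constructed sample data: three accounts and a made-up credential dump.
USER_DB = {
    "alice": hash_password("123456"),
    "bob": hash_password("correct horse battery staple"),
    "carol": hash_password("pa:ss:word"),
}
DUMP = [
    "alice:123456",      # still the live password, so force a reset
    "bob:oldpassword1",  # stale credential, no longer valid
    "Carol:pa:ss:word",  # mixed-case username, ':' inside the password
    "mallory:hunter2",   # not a user of this service
    "garbage line",      # malformed entry, ignored
]

if __name__ == "__main__":
    print(accounts_to_reset(USER_DB, DUMP))
```

Only accounts whose leaked password still verifies are flagged, so stale credentials in the dump do not trigger resets.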
But even so, users shouldn't necessarily rely on the platforms to fix the problem, as there are measures you can take to improve your security also.
Keeping it Simple
Aside from the data itself, LeakedSource has also revealed some insights into the leaked data, including the most common passwords used.
(Image via LeakedSource)
That's right, the most common password amongst the 32m+ listed was "123456", followed by similar variations on the theme.
Now, these passwords were hacked, of course, so this factor wasn't specifically relevant in this case, but it does underline the fact that even though we've been told over and over again to avoid simple passwords and improve our account security through complexity, that message still hasn't filtered through.
LeakedSource also highlighted the domains from which the majority of e-mail addresses came, with six of the top 10 originating from Russia.
(Image via LeakedSource)
But that doesn't necessarily lessen the possibility that your account was included in the breach, and it's important, even if you don't think the breach affects you, to take such threats seriously.
And definitely, if your password is listed above, time to change it. You can bet hackers will be using this list as a reference point in their actions from now on.
What Can You Do?
Changing your password should be your first order of business - update your password and ensure you don't share the information beyond what's necessary, and ensure the password you use has some level of complexity, with letters, numbers and upper and lowercase characters.
Also consider whether you use the same password across various accounts. When news of the MySpace hack surfaced, many scoffed - like anyone still uses MySpace, right? And while that may be true, many people do still use the same passwords across various accounts. If a hacker were to obtain your banking information, for example, could they use those same passwords to access your accounts?
You could also consider using services like LastPass, which randomly generates passwords on your behalf - but probably the best and safest way to protect your accounts is to use two-factor authentication.
Here's how you can enable two-factor authentication (or "login verification") for some of the major social networks.
(You can find a full listing of social networks that have two-factor authentication in place, and how to enable it, at Two Factor Auth.)
By enabling two-factor verification, you'll need to enter a verification code, sent to your phone, any time your account is accessed from an unfamiliar IP address.
UPDATE (6/10): Twitter has posted a blog explaining the efforts they're undertaking to protect users in the wake of this breach:
"If your Twitter information was impacted by any of the recent issues - because of password disclosures from other companies or the leak on the "dark web" - then you have already received an email that your account password must be reset. Your account won't be accessible until you do so, to ensure that unauthorized individuals don't have access."