You must have heard of the recent breach into Twitter accounts and rumors of passwords being sold on the dark web. Today, Twitter confirmed these rumors to be facts and announced several steps taken to protect the affected accounts.
Is Twitter’s Security to Blame?
The Trust and Security officer of Twitter, Michael Coates has written a detailed article on the official blog of Twitter. He has covered the background of the situation, elaborated on the security system at Twitter, and the steps taken to address this developing problem.
Coates explained that the security of Twitter’s servers was not breached and user information is secure.
He further said that the purported Twitter @names and passwords may have been amassed by:
- combining information from other recent breaches,
- malware on victim machines that are stealing passwords for all sites,
- or a combination of both.
Steps Taken by Twitter to Protect Victim Accounts
Twitter has taken the following steps to tackle this security breach:
- With reference to the password disclosures, Twitter has cross-checked all the data with their records. A number of Twitter accounts were confirmed as victims of breach and were identified for extra protection.
- Accounts with direct password exposure were locked and now require a password reset by the account owner.
How Does Twitter Keep Accounts Safe at All Times
Twitter ensures the safety of its user’s accounts through the following main methods:
- Fundamental method of using HTTPS everywhere and security for email from twitter.com.
- Securing account credentials using bycrypt.
- Evaluating items such as location, device being used, and login history to identify suspicious account access or behavior.
- If a situation arises where the password of a user is directly exposed, the user is sent a password reset notification; the account is protected until the owner of the email or phone number resets the password.
What Should You Do to Ensure Your Account’s Safety?
Here are certain easy steps you can take to ensure the safety of your Twitter account:
- Enable login verification (e.g. two factor authentication). This is the single best action you can take to increase your account security.
- Use a strong password that you don’t reuse on other websites.
- Use a password manager such as 1Password or LastPass to make sure you’re using strong, unique passwords everywhere.
While Twitter stated its resolve to take every step to enhance and ensure the safety of user’s accounts, it also encouraged users to stay vigilant.