The dangers of using weak passwords have been illustrated time and time again, not only for home users but in corporate environments also. Social networking sites are often the first point of contact between users and companies, and special care should be taken to strengthen the security of social media accounts.
On 23 April 2013 the Twitter account of the Associated Press (AP) news agency was hacked and subsequently sent out a hoax tweet reporting that President Barack Obama had been injured in an explosion in the White House. Within seconds, Wall Street was in panic mode and US stocks plummeted.
When a Twitter account is hacked, the public normally thinks it's a result of some highly sophisticated attack perpetrated with complex programs and all sorts of stealth systems only accessible to some privileged minds... Well, in reality, things are usually much simpler. In most cases, the so-called "hacker" simply guesses their victim's password. The most complex attacks are actually those where the attacker tricks the user into re-entering their credentials in some system, unaware of the fact that, in reality, they are submitting their data to a cyber-criminal (which was exactly what happened in the AP Twitter hack).
Two months ago, Burger King's Twitter account was also hacked. Its background picture was changed to a McDonald's image, and a message was posted announcing that the company had been sold to its rival.
No isolated incidence
The AP attack might look like an isolated incident, but unfortunately such attacks are fairly common. In fact, the group behind the hack, the self-proclaimed "Syrian Electronic Army", also hacked the Twitter accounts of watchdog organisation, Human Rights Watch; French news service, France 24; and the BBC's weather service.
But it's not only Twitter accounts that are at risk. Many of us still remember the theft of a series of compromising photos from Scarlett Johansson's cell phone, for example. Preliminary investigation seemed to indicate that a hacker had been able to launch a cyber-attack on the actress's cell phone, accessing her personal information. Later, however, it was found out that the 'hacker' was simply someone with a penchant for hacking into celebrities' accounts who had been able to guess the star's email address password.
Panda Security offers some simple tips regarding social media passwords by way of protection from this type of attack:
- Size matters: The longer the password, the safer it will be.
- Do not use personal information (your name, your phone number, etc.) to create passwords.
- NEVER use the same password for multiple accounts.
- Use passwords that are a combination of numbers, letters and special characters. The more complex the password, the safer it will be.
- Change your passwords frequently.
- Do not reveal your passwords or send them via email.