Last night, while sitting happily watching the latest episode of Top Gear with my wife, my pocket vibrated and I got the news that my Twitter account had been hacked. A couple of helpful followers had mentioned me to say they’d received a weird direct message from me. I looked and, sure enough, I’d sent out a weird tweet and a few DMs. I immediately turned on my PC and went into action.
Over time I’ve seen plenty of people hacked, from friends to journalists to tech people. No one is safe, but I was a bit annoyed as I thought I’d been relatively careful. I was aware, however, that my passwords were lacking in optimal security, but I was being carefree about it: why would anyone bother hacking me? It’s not like I have many followers or popularity. So I left the task of improving my password to another day – typical procrastination. I’m sure you’re guilty of it too. Password security is a hassle: having multiple passwords and remembering them all, and not just that, actually using something that’s secure – not your birthday, your cat’s name or ‘password1’. Obviously I hadn’t been that lax, my password was a mix of letters and numbers and not dictionary words, but it still wasn’t sufficient.
The other usual way people get caught out on Twitter is phishing links and dodgy DMs. I’ve always taken care to avoid clicking links, especially from accounts that look suspicious, but even from people I know when they’ve just sent a link and nothing else. Not only are my friends not that lazy, they’re more sensible.
Repairing The Damage
Obviously the first step in dealing with the issue was to go and change my password, then go about fixing the rest of the problems – apologising to followers and messages, deleting new follows (the hacker had followed a load of random accounts) and then moving onto securing more of my online presence. I spent an hour on it, but I feel a bit more comfortable now.
I’ve written before about using KeePass to create safe and secure passwords, but I’d foolishly not followed my own advice across the board. Now was the time to do just that. So I booted it up and set about generating long, complicated and intricate passwords. Set to 25 characters, with numbers, letters, special characters, spaces and brackets, my old password was replaced by a new uber password. I then discovered that Twitter has a two-factor authentication system that I wasn’t aware of. So that’s set up too.
Under security and privacy, there’s a login security section where you can require Twitter to send a verification code to your phone. This means that even if someone does break my new super password, they’ll still fall down, as they won’t be able to get the verification code as well.
Once that was done, I checked the apps (and removed any I didn’t trust), checked my profile, links and email address, then moved on elsewhere. I later came back and removed followers and blocked certain people, but I won’t bother you with that.
On the basis that Twitter was so easily hacked I thought it was a good time to protect other things rather than get burned again. Twitter was connected to my Yahoo! email address, but luckily I’d already set that up with a good password (and different from Twitter) so I was pretty sure that was secure. But just to be sure I changed that as well. Then Gmail, Facebook, Paypal, Ebay, Amazon, Ebuyer, Steam, the list goes on. Each of those accounts now has a password so long and complicated I couldn’t possibly tell you what it is.
Side note – KeePass lets you generate unique passwords with a variety of settings including length, complexity and more. You can then copy and paste these onto the websites and save them to keep your account secure. I used a different password for each and saved them all into my password database. However, PayPal was a major pain: you can’t copy and paste when resetting your PayPal password, so if you want a mega secure password you have to manually type out every letter, character and number. This was a massive hassle, but hopefully worth it. PayPal does have two-factor authentication as well now, so I’d recommend using that.
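As an added illustration (my own code, not the author’s and not KeePass’s), here is a small Python generator that draws from the same character classes the post describes (letters, digits, special characters, brackets and spaces) and estimates how much entropy an 8-character letters-and-digits password gains when it becomes 25 mixed characters. The 1e10 guesses-per-second rate is an assumed offline cracking speed, and the site names are constructed.

```python
import math
import secrets
import string

# Character classes matching the KeePass settings in the post. string.punctuation
# already contains the brackets; together with a space this is all 95 printable
# ASCII characters.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
    "space": " ",
}
ALPHABET = "".join(CLASSES.values())


def generate_password(length=25):
    """Draw `length` characters uniformly from ALPHABET using the OS CSPRNG
    (secrets, never random). Resample until every class appears so the
    entropy estimate below is not optimistic for the password returned."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(set(chars) & set(pw) for chars in CLASSES.values()):
            return pw


def entropy_bits(password):
    """length * log2(alphabet size), with the alphabet taken as the union of the
    character classes the password actually uses."""
    size = sum(len(chars) for chars in CLASSES.values() if set(chars) & set(password))
    return len(password) * math.log2(size)


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years to try every candidate at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def per_site_passwords(sites, length=25):
    """One independent password per site: a breach at one site gives an
    attacker nothing that works at the others."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    old = "abc12345"  # constructed stand-in for a short letters-and-digits password
    vault = per_site_passwords(["twitter", "yahoo", "gmail", "paypal"])
    for label, pw in (("old", old), ("new", vault["twitter"])):
        bits = entropy_bits(pw)
        print(f"{label}: {len(pw)} chars, ~{bits:.0f} bits, "
              f"~{years_to_exhaust(bits):.1e} years at 1e10 guesses/s")
```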
The moral of this story is to do this before you get into trouble. It doesn’t take long really, and it ensures your passwords are secure and unique across the board. So many sites are getting hacked lately; if you reuse a password and one site gets breached, you’re leaving yourself wide open to getting hacked elsewhere.
If you need a horror story to scare you into action (as mine is a bit ‘meh’), then I’d recommend reading about how @N got stolen by social engineering, stubbornness and foolishness (using a domain email address rather than Gmail).