Twitter battling security breaches impacting user accounts

motorola_moto_x_pure_edition_twitter_profile_TA

Twitter has managed to keep their servers safe amidst reports of attempts to hack them to gain access to user accounts. However, the company has acknowledged that it appears attacks and breaches on other web sites may have put user accounts at risk. To combat this, Twitter has taken to locking some accounts over the past few days pending owner password resets and they have posted an entry on their site with information on the current situation and tips for users.

According to Twitter, they began investigating claims that @names and related passwords were available on the “dark web.” The information appears to have been collected from breaches on other web sites or via malware installed on user machines. Combining data from different sources, hackers are then cross-referencing the data to try to build profiles of user accounts and passwords that can be tested against top sites like Twitter. They may end up being successful with these attacks if users have used the same password on multiple accounts or services.

Twitter points out that they take several actions on an ongoing, routine basis to try to keep user accounts secure. Some of these steps include things like the use of HTTPS everywhere on the site and the use of bcrypt to secure account credentials. Twitter also monitors access to accounts based on location, device being used and login history. These steps help them identify suspicious account access attempts or behavior and may trigger a lock on an account that requires a password reset.

As far as steps that end users can take, Twitter encourages users to implement two-factor authentication for their accounts. They also recommend users implement a strong password that is not used on any other web sites or services. One way to implement that second step is to use a password manager to keep track of them and generate unique passwords.

source: Twitter


About the Author: Jeff Causey

Raised in North Carolina, Jeff Causey is a licensed CPA in North Carolina. Jeff's past Android devices include an HTC EVO, a Samsung Note II, and an LG G3, and a Motorola Moto X Pure Edition along with a Samsung Galaxy Tablet 10.1. He currently uses a Samsung Galaxy S8 and (very rarely) a Nexus 7 (2013). He is also using a Verizon-branded Motorola Moto Z Play Droid supplied by his job. Jeff used to have a pair of Google Glass and a Moto 360 Sport in his stable of gadgets. Unfortunately, his wife and kids have all drunk the Apple Kool-Aid and have i-devices. Life at home often includes demonstrations of the superiority of his Android based devices. In his free time, Jeff is active in his church, a local MINI Cooper car club, and his daughter's soccer club. Jeff is married, has three kids, and a golden retriever.