In the last couple of hours three prominent social media accounts have been hacked: The Twitter accounts of Newsweek and Twitter CFO Anthony Noto, as well as the Facebook account of Delta Airlines. And there’s more.
There were all those passwords published this morning too! A well-meaning security expert assembled 10 million previously-leaked passwords and released them out into the world today. That password dump was probably unrelated to the social media hacks, however. When I asked security expert Per Thorsheim whether there was any possibility of a correlation between the dump and this morning’s hacks, he replied: “Close to none. Those attacks have historically been done using phishing attacks as far as I know.”
So those social media accounts got owned when somebody clicked on a link they shouldn’t have, or typed their password into the wrong form. Just like that, they gave away the keys to their social media castle.
In a completely different kind of security breach last week, insurance megacorp Anthem was hacked and lost what appear to be millions of personal details about its customers. Criminals immediately used these details to scam people.
But! There are ways to protect yourself! You can protect yourself from some attacks if you simply use two-factor authentication on your accounts. Most prominent online services, including Twitter and Facebook, offer two-factor authentication, which makes it very hard for people to use password dumps to get into your accounts. That’s because two-factor auth requires both a password and a key generated by an app on your phone. It’s hard for adversaries to get both.
Take all of these hacks as a good reminder to get two-factor auth — and change your password. Change it regularly! It’s just good data hygiene.