I saw two interesting things recently that have me thinking about security and protecting yourself on Twitter. I had searched the hashtag of a convention that was going on nearby, interested in who was presenting and what attendees were saying about it. I was scrolling through when a string of decidedly Not Safe for Work tweets all came up in a row, showing pictures of what looked like women dancing for tips, and inviting attendees to join. “This is incredible,” I thought. “A group of attendees at this prestigious conference have gone off to a strip club, and not only are they tweeting about it, they’re using the convention tag? Are their brains functioning??” I was dumbfounded, until I realized that the tweets weren’t coming from attendees at all—they were coming from the management of a local establishment, advertising themselves to convention-goers.
Not even hours later, a notification on my phone told me that hackers had gotten access to the NFL’s official Twitter account, and tweeted out the erroneous report that Commissioner Roger Goodell had died. They were even going back and forth with the real account managers, sending taunting replies as the fake tweets were hastily deleted.
Both of these incidents highlighted something very important—people don’t always understand how to protect themselves on Twitter.
Hijacked Hashtags
Hashtags are a brilliant way to sort through the teeming slush pile of Twitter. Effectively using hashtags allows you to target your message to its intended audience, find relevant content as it happens, and take part in live discussions. Have you ever tried searching the hashtags for details of a breaking news story to get several scoops at once? They’re ubiquitous at conventions, and provide a second layer of conversation happening online while attendees listen to talks and network in real life. Convention organizers often define and distribute an “official” hashtag to use when talking about the convention, but there’s an important weak point: a hashtag can never be “official.” You can never own a hashtag, you can never control who uses it, and the tweets of anyone who does use it are just as visible as yours. You can’t clean up or do damage control on a hashtag feed, either. As in the above example, there’s nothing that the convention organizers can do to stop any strip club from using their hashtag to promote their services, and they can’t remove the messages after the fact. Anyone searching for information on the convention sees those pictures, and may assume that they are officially sanctioned messages, as I at first did. The best that they might be able to do is churn out a lot of content quickly to try to push the embarrassing tweets a bit further down a chronological feed.
Hijacked Accounts
The hackers responsible for the NFL tweeting reported that they got access to an employee’s email address, and from there got the password. WIRED does a fascinating write-up on social hacking, whereby someone looking to gain access to your accounts aggregates data about you from a few different sources, and uses it to bypass your security questions, or else poses as you to customer service for a password reset. Unauthorized access to your email is a huge failure point, because someone with control of your email can simply request a password reset for any of your accounts to get in. For this one, the same old boring advice that we all keep ignoring is the best prevention. Use strong passwords, never a dictionary word or the name of the service. Never share passwords between accounts. I know how impractical that seems when we have dozens, but hackers with access to one of your compromised passwords can (and do) check them against other accounts to see if you’ve reused them. If nothing else, at least make your email password obnoxiously long and unique from any other one that you use. You can check here to instantly see if your email address has been associated with any significant data breaches.
As ever, vigilance is the key when protecting yourself on Twitter. What many people don’t realize is that, while hacking into a Twitter account may seem useless (it’s not like you keep your credit card number on there), there are hackers who will do it just for fun. Seriously. Keep an eye on your accounts, pay attention to what’s happening with the hashtags you use, and protect your Twitter password like it’s your social security number. (Or, preferably, better than that. You can buy those online these days.)
Yes, nowadays quite a lot of social media accounts are well known and have vital functions harmed by the act of account hijacking. It is quite difficult indeed to protect a social media account from it, because hackers are quite clever and smart.