Thursday, June 9, 2016

Millions of Twitter passwords are reported to be for sale – Sveriges Radio

A hacker claims to have obtained the login information for millions of Twitter accounts and is trying to sell it online. The same hacker alias is linked to earlier leaks of account details from the large Russian site VK.com. Recently, databases of credentials from LinkedIn, MySpace and Tumblr have also appeared.

The site Leakedsource, which collects data on leaked passwords, claims to have gained access to the database and says it has confirmed that the information is genuine. The database is alleged to cover over 32 million unique accounts, and the information includes email addresses, user names and passwords in clear text. This means that the passwords are not encrypted and can thus be used to log in and take over an account.

The leak has not been confirmed by Twitter, and the company's security chief Michael Coates says he is confident that even if the data is genuine, it does not come from a hack of the site.

“We are working with Leaked Source to obtain information in order to take further steps to protect our users,” said Michael Coates on Twitter.

Others in the security field are skeptical that there has been a hack and believe that more and better evidence is needed. The site ZDNet has had access to email addresses and passwords from the database belonging to some of the company's employees; two of them say that the information is correct, and a third e-mail address is incorrect.

The alleged leak follows a series of similar leaks of passwords from several large sites. These came mainly from hacks that occurred several years ago, but users who have not changed their password for a long time could be affected. The sites took measures to invalidate old passwords from before the leaks are believed to have occurred. Leakedsource believes that the information in the Twitter database is from 2014.

Even Leakedsource writes that it does not believe the information came from a hack of Twitter. The site's theory is that it was collected from the users' own computers. These may in that case have been infected by a virus that fishes out logins saved in the computer's browser and sends them on, something that is very difficult to protect against once the virus has taken hold of the computer.

An analysis of this and previous leaks shows that many users have bad passwords. The password that occurs most frequently in the database is "12345", and the top ten list includes several similarly simple passwords such as "password" and "qwerty".

A good password should not consist of words found in any dictionary, and should mix uppercase and lowercase letters, numbers and special characters. It should also be at least eight but preferably twelve characters long. The problem is of course that it is unreasonable to remember such passwords for all the sites one uses.

A variant of this is the so-called passphrase: a grammatically correct but absurd sentence that is not likely to be found in any book. For example, "fiolensrikstagsmagnetefterlysesiguld". Easier to remember, but difficult to type.

One solution is to use a so-called password manager. This is a program that generates secure random passwords for you and stores them in a secure database. The database is encrypted and locked with a single password, so you should be extra careful to choose a really secure password that you memorize. Some password managers can also be used on the phone, and there are solutions for syncing the encrypted database to all the computers and phones that you use.

For this to remain safe, computers and phones must of course also be free from malicious programs that can fish for information. Antivirus software is now important, and you have to be very careful with the emails you get and the files you download from the web. The default should be to treat all e-mail attachments with caution; this applies not only to programs, since documents too may be fake and infect your computer if you open them.

Another way to protect e-mail and social media accounts is so-called two-factor authentication. It is supported by most large companies today and means that, in addition to the password, you must use a code from a text message or a special app when you log on from a computer for the first time. Learn how it works before you turn it on, and find out how to reset the password. Otherwise you may be locked out of your accounts if, for example, you lose your phone and number.
