Twitter accounts hacked, including encrypted ones

  john bunyan 18:17 02 Feb 2013

I hear that a quarter of a million Twitter accounts have been hacked, including some encrypted ones. See:

Twitter BBC

I am not a Twitterer as I think it is a bit narcissistic, but if these people can hack encrypted files, is online banking next?

  Forum Editor 18:36 02 Feb 2013

"...if these people can hack encrypted files, is online banking next?"

Online banking security is a lot more robust than Twitter, but in theory anything can be hacked. Banks use some sophisticated methods of security enhancement - mine, for instance, knows if I use anything other than my laptop to try to access my account, and it asks me to provide the answers to two additional security questions before it allows me to use my username/password/security code combination.

Bank accounts have been hacked, but it's a rare occurrence, and if it happens your bank should make good any losses - provided you can satisfy it that you took adequate steps to protect your login details.

It goes without saying that you should never, ever, under any circumstances allow these to be stored on your computer. If you use a public access computer - in an airport or hotel, for instance - always go into the browser settings when you've finished, and delete the history. I also clear the cookie cache, but it's best never to use public access machines if you can avoid it.

  simonjary 09:55 03 Feb 2013

More details and online password security tips here.

  fourm member 11:11 03 Feb 2013

There's very little difference between user accounts getting hacked on Twitter and someone getting their PIN stolen because they mutter the numbers aloud as they type them in. (Believe me, I have stood behind someone who did that.)

If your Twitter password is 'twitter' or 'password' or something easy to guess then you are more likely to lose it than if it is '23GtC!879eh'.

  Quickbeam 11:18 03 Feb 2013

The trouble with secure passwords like the above is that they're quite unmemorable, and if you have a dozen likewise and not noted down, you'll never access your account again.

Hands up who keeps this sort of information in their phone or similar hidden under a made up contact name.

  chub_tor 11:43 03 Feb 2013

Am I misunderstanding this? Surely it was the Twitter servers that were hacked not individual PCs? Yes there were phishing emails sent out afterwards to try and gather more but the 250,000 accounts were compromised not because of how strong or weak their passwords were but because Twitter security was inadequate.

A few years back I had my security details breached when hackers got into Cotton Traders; it wasn't my fault, it was theirs, and we were warned pretty quickly to amend our details, not because they were weak but to build up a new identity with Cotton Traders.

  fourm member 12:27 03 Feb 2013

'Am I misunderstanding this?'

You are right that it was Twitter's servers that got hacked, but the accounts the hackers accessed were those where the passwords were easy to guess.

Twitter has about 175m users but only 250k attacks succeeded before it was detected and blocked.

Once you've got into a server you start by looking for easy passwords. You try all the dictionary words because there will be people who think 'aardvark' is a strong password.

If you get the chance, you then search people's Tweets for common words because there will be people who tweet about their cat, 'Mogpuss', and use that as their password.

Then you'll pick up some more accounts from people who use their birthdate and then Tweet 'hooray it's my birthday'.

So, yes, Twitter's security had a flaw (tell me any service that doesn't) but the users who got hacked bear a good part of the responsibility.

  Forum Editor 13:44 03 Feb 2013

I once received a plaintive call from the marketing director of a fashion company, asking for help because 'my computer password has been hacked, and someone has stolen some new designs'.

When I arrived he tearfully explained that the hacker must have been really professional, because the password was very secure. When I asked him to write it down (the room was full of people) he wrote 'dr0wssap'.

I explained that he had chosen one of the easiest passwords to guess, and that I would have been into his files in about 1 minute flat. He was astonished, and couldn't believe that he had chosen one of the 'top ten' guessable words.

As fourm member says, people commonly choose passwords that are in everyday use, and often associated with them - the name of their wife, or one of their children, for instance.

The trick is to use an alpha-numeric string, but one which for you will be memorable for some reason. If you're a pig farmer you might decide on p0rkyw0rk1n30n, which you'll remember as porkyworkinson. That's a simple one, but you get the idea.

These passwords are much more difficult to crack, and with a little practice you'll develop a personal convention which will allow you to create memorable, secure passwords easily enough.

Don't try to invent a new password for every single application or website you use; that policy will soon have you wallowing in a sea of confusion. Use two or three passwords for different contexts, and stick at that. Remember, we all like to think that our personal files are ultra-attractive to hackers, but of course they're not. Nobody is interested in hacking the Simon Cowell fan-club database for your login details - hackers are after details that can result in access to information that has value. Anywhere money changes hands, for instance, is a possible target, so banks and e-commerce sites are definitely up there, presenting a juicy target.

I never accept the invitation to 'store your card details for future purchases' when I make online purchases.
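The two posts above (fourm member's list of what gets tried first against a leaked account list, and Forum Editor's 'dr0wssap' and 'p0rkyw0rk1n30n' stories) describe, between them, a set of weak-password patterns: plain dictionary words, a word spelled backwards, a word with digit-for-letter swaps, a pet's name the user has already posted publicly, and a birthdate. The following is an added example, not code from the forum or from Twitter, showing how a site's password-acceptance check can reject exactly those patterns before a password is set. The word list, the sample posts and the leet-substitution table are constructed stand-ins; a real deployment would use a full dictionary and breached-password list.

```python
import re
from datetime import date

# Constructed, tiny stand-in for a real dictionary / breached-password list.
COMMON_WORDS = {"password", "twitter", "aardvark", "letmein", "qwerty", "welcome"}

# Digit/symbol-for-letter swaps people use to make a word look complex;
# the checker undoes them so 'p0rky' is compared as 'porky'.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(candidate: str) -> str:
    """Lower-case and undo leet substitutions, so 'dr0wssap' becomes 'drowssap'."""
    return candidate.lower().translate(LEET_MAP)


def context_words(posts, min_len=4):
    """Words the user has already published (a cat called 'Mogpuss', say) become forbidden base words."""
    words = set()
    for text in posts:
        for w in re.findall(r"[A-Za-z]+", text):
            if len(w) >= min_len:
                words.add(w.lower())
    return words


def birthdate_forms(d: date):
    """Common ways a birthdate gets typed in as a password (day-month-year in several layouts)."""
    return {d.strftime("%d%m%Y"), d.strftime("%d%m%y"), d.strftime("%Y%m%d"),
            d.strftime("%m%d%Y"), d.strftime("%d%m")}


def check_password(candidate, posts=(), birthdate_iso=None, min_len=8):
    """Return (accepted, reason).

    posts: the account holder's own public posts (constructed here), mined for names.
    birthdate_iso: 'YYYY-MM-DD' string if the account holds a date of birth.
    """
    if len(candidate) < min_len:
        return False, f"shorter than {min_len} characters"
    norm = normalize(candidate)
    stripped = re.sub(r"[^a-z]", "", norm)  # base word with remaining digits/punctuation removed
    forbidden = COMMON_WORDS | context_words(posts)
    for base in sorted(forbidden):           # sorted so the reported match is deterministic
        if base == norm or base == stripped:
            return False, f"matches common or self-published word '{base}'"
        if base[::-1] == stripped:
            return False, f"is '{base}' spelled backwards"
        if len(base) >= 5 and base in stripped:
            return False, f"contains the word '{base}'"
    if birthdate_iso is not None:
        digits = re.sub(r"\D", "", candidate)
        if digits and digits in birthdate_forms(date.fromisoformat(birthdate_iso)):
            return False, "is the account holder's birthdate"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample post, standing in for the user's public timeline.
    posts = ["My cat Mogpuss knocked over the tree again"]
    for pw in ("password", "dr0wssap", "Mogpuss2013", "p0rkyw0rk1n30n"):
        print(pw, "->", check_password(pw, posts=posts))
    print("15061990 ->", check_password("15061990", birthdate_iso="1990-06-15"))
```

Note that 'p0rkyw0rk1n30n' passes against this six-word list only because the list is tiny; the same leet-undoing step would catch it against a dictionary containing 'pork' and 'work', which is why a real check should be run against a large word list rather than a hand-picked one.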

  fourm member 14:45 03 Feb 2013

'Don't try to invent a new password for every single application'

I was trying to come up with a way to have strong passwords with a different one for every application but easy to remember. I was posting my idea when I realised it might actually work so, sorry, for my eyes only.

  john bunyan 16:31 03 Feb 2013

If a teenager can hack the Pentagon and CIA, then online banking etc. seems a little risky. I suppose eventually we will have to have uncrackable codes based on prime numbers or One Time Pad style passwords for things like online bank accounts.

  BT 17:53 03 Feb 2013

"One Time Pad style passwords for things like online bank accounts."

Don't we already have something like that in the Barclays Pinsentry and other banks' devices, where it generates a seemingly random code after you have inserted your Debit or Authorisation card, then part of the card number and a PIN? The number is valid for one use only and expires after a short period of time. I'm sure the numbers aren't really random, but to me it seems far more secure than typing in the same reference and passwords each time.
