Thanks to an erroneous tweet from the Associated Press Twitter account, @AP, people far and wide were panicked over an alleged bombing at The White House and the supposed injury of President Barack Obama. It only took a moment to set things straight and reveal that it was the work of hackers. But that was plenty of time for the fake news to shoot around the world and instantly up-end the Dow, which plummeted more than 100 points within moments. (The market, however, rebounded equally fast when the truth came out.)
While most individuals do not have the AP’s reach and breadth, personal social media accounts aren’t any less vulnerable. Sure, the Syrian Electronic Army hackers probably won’t go breaking down your digital doors, but there are plenty of other hackers and pranksters that are all too willing to create a little havoc of their own.
The service is reportedly looking into two-step login verification, but until that happens, bear this in mind: When it comes to safeguarding your own Twitter account, a little common sense goes a long way.
Do not click on links from random people: You don’t click on email links from strangers, and you likewise shouldn’t do it if a random person tweets one to you either. And if a strange link comes from someone you know, use your gut. If something looks “off” or strange about it, doublecheck it with the person via email, IM or another way. For all you know, the friend’s account could’ve been hacked.
Look for the “https”: When you’re on a secure site, the URL starts with “https://” (with an “s”). So when you’re ready to hop onto Twitter, make sure that you’re signing in securely on the official log-in page by checking for the “s.” If the web address doesn’t have that, you could be vulnerable to phishing that puts your username and password at risk.
Don’t use the same password on all accounts: This is a no-brainer. If a hacker gets one of your logins, he or she could have access to all of them if you don’t change them up. And pay attention to your email account. Should someone get in and reset your login or contact email, Twitter will send you a notification email.
Change Twitter setting to require personal info for password reset: By default, changing a Twitter password only requires the @username to initiate the reset. But if you go to your account settings and check the box next to “password reset,” the user will also be prompted to enter the email address or phone number on file.
Curate your third-party apps: Since you’re in your Twitter account settings anyway, it’s a good idea to check out your list of Apps. These are applications that you have enabled to work with your Twitter account. It’s always a good idea to curate this list, remove any dead weight, and reconsider any third-party apps that might seem suspicious in hindsight — like those from little known developers that request your actual password.
The AP’s Twitter hack seems to have stemmed from separate phishing attacks, like those that often plague large companies, banks and other secure corporate networks. Usually, they show up as emailed links that inject malware to uncover login credentials, but many are taking on even greater disguises. There’s one right now that exploits the Boston bombing by sending people video links that trigger an infection.
So in the end, the best way to secure your Twitter account — and indeed all of your accounts — is vigilance and common sense. And if you do discover that your account was hacked, contact Twitter immediately. (You can do so here.)
Has your Twitter or other social media account ever been hacked? Let us know what happened and how it got resolved in the comments. And if you have any other advice, be sure to share below.