Were Twitter employees tweeting their porn names?
I’ve written before about the hazards of weak passwords. See: ‘Porn Name’ game part of devious plot to steal your money and identity.
Essentially, most of us have terribly uncreative passwords — often based on our addresses, our birthdays and anniversaries, and the names of our pets and children — making it easy for someone with a lot of time and a lot of curiosity to break into our accounts.
Twitter was burned by the weak password phenomenon this week. A hacker broke into the personal accounts of a number of Twitter employees as well as the Gmail account of the Twitter CEO’s wife, by guessing or cracking their passwords. “Hacker Croll” accessed hundreds of sensitive documents and then leaked them to blogs, including TechCrunch, which has chosen to publish some of the documents.
Having exploited these weak links, [Hacker Croll] apparently used Web sites’ password-retrieval features to get passwords for other accounts, including Google Apps, in a technique known as hopping….
The breach has shone a bright light on the security of confidential data that we store in increasingly popular “cloud” services like webmail accounts and Google Apps, where data can be accessed from any computer, typically with just a username and password. But with this convenience comes extra risk.
It’s also a vivid example of how our choices about how we protect our personal accounts – or don’t – can have serious consequences for our family members and our employers. It turns out not to be just a personal choice — we put others at risk, too.
via Twitter Gets Hacked. Can It Happen to You? – Gadgetwise Blog – NYTimes.com.
Gadgetwise offers some tips on strengthening the protections around your online data, including using different passwords for different accounts and picking strong passwords.
The question of course is whether our desire for privacy and security will outweigh our laziness. Using a variation of one password for all of your accounts is definitely stupid, but it sure does make life easy. That is, until your accounts get hacked.

A password I’ve used for a while now, which I use for several accounts (oops), is a phrase reflecting a philosophical belief system of mine comprised of upper and lower case letters, numbers and underscores with some of the words missing a vowel or consonant or two. If anyone’s trying to hack my accounts, there’s your clue!
My first Facebook password was ‘facebook’. I once posted a status update in the third person stating just that, and several people contacted me saying that theirs too had at some point been ‘facebook’. None of us had been hacked, which puzzled me, and still does. Can a password be so obvious that it’s secure?
It’s a lot like locks on your car. If a car thief really wants to get into your car, the best locks won’t keep them out. But if you drive a junker with nothing of value obviously visible, you can probably park in the worst part of town without worrying too much.
The people who get hacked tend to be visible targets – if you’re the CIA you better insist on frequently changed strong passwords. If you’re average Joe from Kokomo, what do you have to hide?
As my Dad once told me when I was a kid – locks only keep your friends out.
Like the use of “password” for a password? Hiding in plain sight doesn’t work well against digital attacks. That’s gotta be at the top of every hacker’s dictionary attack, yet people somehow think that p@ssw0rd is infinitely more secure… or in your case, f@c3b00k!