Easy Tips for Avoiding Twitter Hacks
2013 might be the year of the Twitter hack.
Back in February, Burger King and Jeep both endured hacks of their accounts. Last week, the Associated Press Twitter account falsely reported a bombing at the White House after hackers gained control. Tuesday, The Guardian's Twitter account was also reported hacked, though no rogue tweets went out.
In response to the hoopla, Twitter issued a warning to news organizations, which Buzzfeed then published: "We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers," the memo stated.
Considering the hacks of Burger King and Jeep, non-media brands are almost certainly in the crosshairs, too.
In its memo, Twitter offered tips for preventing hackers from accessing a brand or media account. The company is implementing two-factor authentication, but it's offering a few simple solutions in the meantime. Here are the key tips Twitter suggested, along with helpful advice from other sources.
1. Change your password regularly.
Password hacking has become sophisticated to the point where passwords like 'love' or 'guest123' might as well be welcome mats to hackers," attorney Brett Snider wrote on the FindLaw blog. He and Twitter both suggest using random password generators and passwords that are at least 20 characters long.
2. Don't share passwords via email.
According to AP reporter Mike Baker, the hack of its account came "less than an hour after some of us received an impressively disguised phishing email."
3. Limit access to your account.
Writing at socialtalent.co Holly Fawcett suggests having fewer than five people in the company who know the Twitter password. "I'd also advise you to draw these account managers into some sort of loss-prevention document where they are made painfully, and plainly, aware of the seriousness with which they guard the vaults," she wrote.
4. Be careful with mobile devices.
Smartphones are easily lost or stolen, and if you're logged in to a corporate Twitter account on your phone, a thief could easily tweet away as you. "Once it falls into the wrong hands, the last thing you're thinking of is your Twitter account," Fawcett writes. "Don't trust yourself to keep a smartphone guarded with pre-programmed passwords for your corporate Twitter accounts inside it."
5. Be careful about logging in.
If you aren't using a third-party Twitter client, be sure you've accurately typed in the Twitter.com URL before putting in your username and password. "Twitter recommends that you always check that you're at Twitter.com before you log in to prevent possible phishing," Snider wrote. Likewise, don't let browsers save your password.
6. Review your authorized apps.
When you agree to give a third-party app access to your Twitter feed to retweet directly from a website, share social info or make other connections-you're agreeing to give that app a degree of access to your account. If you have apps that you're not using or that you don't recognize, get rid of them, Twitter warns.
7. Know what you're clicking.
"Don't click on links from Twitter accounts you aren't familiar with," Snider writers "These links can contain malicious software that will silently download themselves onto your device and make your account vulnerable to hackers."
8. Make sure your accounts are official with Twitter.
Twitter keeps tabs on bigger, official brand accounts. "Please send us a complete list of all accounts affiliated with your organization, so that we can help keep them protected," Twitter's memo stated.
9. Create a plan and use it.
Twitter's memo recommends building a crisis plan specifically for hacks and using it when you suspect there could be a problem. For example, if you get a suspicious phishing email, change the password.
10. Keep an eye on your account.
In a post about avoiding Twitter hacks not long after the Fox News account was compromised, Ethan Klapper at the 10,000 words blog said knowing you've been hacked as soon as it happens can greatly reduce damage. "The sooner you are able to spring into action in your response to an account that has been compromised, the less damage that can be done," he wrote.