The internet has been abuzz with two recent massive hacks: one that breached social media relic MySpace and the other that potentially exposed 32 million accounts on microblogging platform Twitter. While both websites navigate how to correct these incidents, users aren’t left with a lot of answers. However, there are some important lessons from these hacks that can help protect you from damage in the future.
Update your passwords often
Twitter users recently learned that 32 million accounts were potentially exposed in a major malware attack on the site, as Leaked Source reported. The site said it found that the released data set included email addresses, usernames and passwords associated with accounts.
After news of the breach emerged, though, Twitter assured users that it was “confident that usernames and credentials were not obtained by a data breach, [and that] systems have not been breached.”
However, this doesn’t mean that Twitter has been completely safe from breaches. Hackers have also recently infiltrated a number of celebrity or brand accounts, including that of the NFL, Facebook creator Mark Zuckerberg, popstar Katy Perry, rapper Drake, Rolling Stones guitarist Keith Richards, and late Beatles member George Harrison, among many others.
Unlike major data breaches, these targeted attacks are typically meant to embarrass a public figure, start rumors (such as the false announcement of actor Jack Black’s death) or promote the hacker’s own Twitter account. The average user can still learn a thing or two from these incidents, though.
Firstly, you should always use strong passwords. When Mark Zuckerberg’s account was hacked, it was because he reused the password “dadada” across multiple accounts. Even as the creator of the biggest social network, Zuckerberg forgot the cardinal rule of online security. A password should contain a mix of letters, numbers and symbols that don’t include any easily guessable words or phrases. You should also make a different password for every account you use. Reusing passwords, as Zuckerberg did, meant hackers could access his other accounts, like Pinterest and LinkedIn.
Most importantly, don’t wait for a breach to occur to change your passwords. You should regularly update them, because hackers often wait a while to use information gleaned from major breaches. You never know exactly when your information has been compromised, so it’s best to get in the habit of changing them often.
Delete unused accounts
You may think those old social media and email accounts collecting dust somewhere in the ether aren’t of consequence to you anymore. However, as the recent hack of social network MySpace proved, that couldn’t be farther from the truth.
In May, MySpace discovered a hack that occurred in June of 2013, exposing email addresses, usernames and passwords for accounts on the site created before June 11, 2013, when the site was in its old platform.
According to a blog post on the site addressing the hack, MySpace has invalidated all passwords for impacted accounts. If users try to log back into the site, they will be prompted to authenticate their accounts and change their passwords.
While you think it’s just embarrassing high school photos that lay dormant on your untouched MySpace page, a hacker could easily access so much more, especially if you’ve transferred the login information for that account to others you use now, like your email address or Facebook credentials.
That’s why you should delete old accounts if you decide to part ways with them. Leaving that information out there without actively monitoring it could lead to more serious outcomes than someone seeing an old picture of you. Possibly, you also included information like your name, age, date of birth and location - all of which could be useful to a hacker.
Beyond protecting yourself online with these tips, it’s also important to keep an eye on other sensitive information to reduce your vulnerability to threats like identity theft. For this effort, you should consider investing in a credit monitoring service like Identity Guard, which can notify you of certain activity that may indicate fraud by monitoring different data points.