Maybe you, or one of your children, or one of their friends recently received an email from Twitter saying their passwords may have been hacked, and that Twitter had reset their passwords and revoked session tokens for their accounts.
The company posted a notice saying that "Twitter's servers have been breached by 'extremely sophisticated' hackers who may have made off with user names and passwords for about 250,000 users. "This attack was not the work of amateurs, and we do not believe it was an isolated incident," the company said in its post.
The hackers apparently had access to users' names, email addresses and encrypted passwords.
Twitter Director of Information Security Bob Lord said in a blog post "We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information — usernames, email addresses, session tokens and encrypted/salted versions of passwords — for approximately 250,000 users."
Twitter said that fewer than 250,000 accounts actually may have been hacked. Normally, when it thinks a user's account may have been compromised it automatically resets the password and notifies the user. In this case, out of an abundance of caution, it resent considerably more passwords than it probably needed to.
"We apologize for any inconvenience or confusion this may have caused," Twitter said in the email sent to subscribers.
Even if you or someone you know were not among the 250,000, this might be a good time to do some maintenance on your Twitter account. For instance, it's a good idea to periodically check on your Twitter app permissions. Go to "Settings" in the drop-down menu at the upper-right corner of Twitter.com, click on "Apps" in the left sidebar, and click "Revoke access" for any third-party apps you don't use still use.
This incident at Twitter pushes the whole topic of passwords once again to the front.
Twitter's Lord in his blog post urged all the service's users to ensure they are using strong passwords both on Twitter and elsewhere on the Internet. He repeated what is a rule of thumb among computer security experts: passwords should be at least 10 characters and use a mix of upper- and lowercase letters, as well as numbers and, if allowed, symbols.
Then, too, it repeated a warning you hear frequently from the experts: "Using the same password for multiple online accounts significantly increases your odds of being compromised."
Stated simply, if you use the same password for multiple accounts, it may be compromised on a single account, a social media site, for instance, that does not have all that much value to you. But the hacker now has the key to your more valuable accounts and the damage you face now has grown exponentially.
It is not easy to create strong, different, passwords for all the accounts you need them for and then to manage them. In my next blog I'll share some ways to accomplish this.