Millions of Twitter Passwords Leaked… Did It Really? | TechTree.com


The social media platform hit the panic button last night, but admitted later that it may have been a false alarm.

 

What’s the best way of trending on Twitter? Given that we are owned by a digital media marketing organization, Techtree.com would prefer to refrain from sharing trade secrets. Having said so, the easiest method of capturing attention on this micro-blogging website is this: Raise a Storm in the Teacup!

So, when the micro-blogging website announced to the media that it had notified millions of users of a possible security breach of its database, the trending topic obviously became Twitter itself. It revealed that close to 33 million usernames and passwords were compromised.

Coming on top of a string of leaks over the past month that hit social networks such as Linkedin.com, MySpace.com and a few Russian-language websites, the news was enough to set off panic attacks across the entire Twitter community.

Thankfully, the Twitterati across India remained largely oblivious to the challenge despite a few media organizations carrying reports of the alleged breach of security. If we can help it, we’d like to keep things that way, given that Twitter itself has changed ‘Code Red’ to ‘Code Yellow’ this morning.

Let us try to reconstruct the entire sequence of events that took off some time last evening (India Time) and continued through the night…

What Happened?

A website called LeakedSource announced rather pompously that it had more than 1.8 billion records in its database and that all these pertain to Twitter users. The company, which sells such records for a fee, suggested that it wasn’t Twitter that was hacked.

These words were echoed by Michael Coates, Twitter’s trust and information security officer, who claimed that the company was quite confident of the fact that the records weren’t flicked from their servers. “There is no indication that we have been compromised,” he asserted.

Both of them went on to suggest that the formatting techniques used to put the data in a certain order actually suggested that some malicious element might have assembled the database using information captured from previously hacked computers. Which ones? Well! It is anybody’s guess.

A report published in the Wall Street Journal quoted a blog by LeakedSource to state that the company had obtained the Twitter data from someone using the alias [email protected], which incidentally was also the account that supplied the databases of Linkedin.com and MySpace.com recently.

Oops! Twitter Co-founder’s Account Hacked

What set the cat amongst the pigeons was the report that Twitter co-founder and former CEO Evan Williams got his account hacked for a brief while. Though it happened on Wednesday, the ripples continued through Thursday following the reports of a mass scale hacking.

A group calling themselves OurMine claimed responsibility for hacking Williams’ account in a tweet that was deleted minutes later, says a report published in Mashable.com. The group was the same one that had claimed responsibility for compromising Mark Zuckerberg’s social media accounts.

Williams was quoted by the news article as saying that the hackers gained access to his Twitter account via FourSquare. He did not divulge more details and the company also refrained from comments, claiming that they would not like to make a statement on individual accounts.

The Story After the Storm

After the initial panic, Twitter went about analyzing the information provided by LeakedSource. “The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both,” Coates wrote in a blog post titled Keeping Your Account Safe.

Leaving nothing to chance, Twitter also made an effort to secure the accounts of users whose information was purportedly leaked. They did so by asking these users to reset their passwords immediately.

A report published in Wired.com quoted a representative of the hackers to suggest that the data from recent hackings was offered privately to spammers targeting individual accounts. Thereafter, it was put up for public sale, with the Linkedin.com list alone getting sold for USD 20,000.

Coates takes pains to point out that the attackers mine the exposed username, email and password data, leverage automation and then attempt to auto-test the login data and passwords against top websites. “If the person used the same username and password on multiple sites, then attackers could, in some situations, automatically take over their account,” he says.

Coates also mentions in the blog that some of the passwords supposedly linked to Twitter were not valid. This is what led the Twitter mandarins to believe that the data could be a hotchpotch of old breached data or a case of repackaged material generated from old security breaches.
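The triage described above (find which leaked passwords are still valid, force a reset on those accounts, treat the rest as stale data) can be sketched as follows. This is an added example, not Twitter's code: the `user:password` dump format, the PBKDF2 hash standing in for the service's real password hash, and all names and sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # kept low so the sample runs fast; an assumption, not a recommendation


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's real password hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user_store(accounts: dict) -> dict:
    """Build the service-side store: username -> (salt, hash). No plaintext is kept."""
    store = {}
    for username, password in accounts.items():
        salt = os.urandom(16)
        store[username.lower()] = (salt, hash_password(password, salt))
    return store


def triage_dump(dump_lines, store):
    """Sort dump records into: still valid (force reset), stale, or unknown account."""
    result = {"force_reset": set(), "stale": set(), "unknown": set()}
    for line in dump_lines:
        username, sep, password = line.strip().partition(":")
        if not sep or not username:
            continue  # malformed record, skip it
        username = username.lstrip("@").lower()
        record = store.get(username)
        if record is None:
            result["unknown"].add(username)
            continue
        salt, stored = record
        if hmac.compare_digest(hash_password(password, salt), stored):
            result["force_reset"].add(username)
            result["stale"].discard(username)  # one valid entry outweighs stale ones
        elif username not in result["force_reset"]:
            result["stale"].add(username)
    return result


# Constructed sample data: four accounts and a six-line "dump" in user:password form.
STORE = make_user_store({"alice": "Tr0ub4dor&3", "bob": "hunter2",
                         "carol": "correct horse", "dave": "s3cret!"})
DUMP = ["@alice:Tr0ub4dor&3", "bob:oldpassword", "bob:hunter2",
        "carol:123456", "mallory:qwerty", "garbage-line"]

if __name__ == "__main__":
    for bucket, names in triage_dump(DUMP, STORE).items():
        print(bucket, sorted(names))
```

A large share of `stale` and `unknown` records is the kind of signal that points to a repackaged dump rather than a fresh breach of the service itself.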

So, What Next?

Nothing much! Of course, one could apply the ‘better-safe-than-sorry’ theory here and get some extra protection. Here is how one can go about it…

  • Go to Twitter on the desktop
  • Click on Profile and Settings on the top right-hand corner
  • If you couldn’t find it, look under your ‘Avatar’
  • Go to Mobile and enter your phone number
  • Twitter will send you a confirmation code
  • Enter it on the account and hit ‘Return’
  • Now visit the Privacy and Security section
  • Check the box that says ‘Verify Login Requests’
  • You will get yet another confirmation code… just to make sure
  • You are done!
  • Now every time you log in, a special code sent to your phone is required to crosscheck that it is really you.
