In these days of social media, everyone needs Twitter in their lives. But there’s some bad news if you use the micro-blogging social network. Apparently over 32 million accounts and passwords have been leaked, according to TechCrunch, so it’s time to secure your account before you lose control of it.
Don’t be alarmed, it’s not Twitter itself that has been hacked. The company announced that its investigations showed its servers weren’t hacked. The usernames and passwords were probably compiled by “combining information from other recent breaches, and malware on victim machines that are stealing passwords for all sites.”
What this means is that even if you have taken precautions to stay safe from being hacked on Twitter, there’s a chance that your details have been leaked. Twitter itself has attempted to notify users who are affected by this, asking them to change their passwords.
Check If Your Account is CompromisedThe bad news is taken care of; let’s move to the good news. There’s actually one single place to check if your account is among those compromised by this leak.
The leak was detected by LeakedSource, a new database of over 1.8 billion leaked records across different sites and sources. LeakedSource obtained a copy of the Twitter leak and added it to its repository, thus making it possible for you to search for your account.
Here’s how to do it:
- Go to LeakedSource.com
- Select “username” in the drop-down choices, and key in your Twitter handle (e.g. @mihirpatkar) in the field for “Search Term”
- Click the Search button to see if your account has been leaked
- Repeat the second and third steps, but select “email” in the drop-down and use the email address you used to sign up on Twitter
- Repeat the second and third steps, but select “phone number” in the drop-down and use the phone number associated with your Twitter account
If Your Account Has Been LeakedIn case your Twitter account has been leaked, don’t worry. All hope is not lost, you can still regain control of your account. Here’s what you do.
Try Logging In AnywayIf your name showed up in the LeakedSource search, go to Twitter.com anyway and try signing in. In case it works, move on to the section at the bottom titled “How to Secure Your Twitter Account.”
Reset Your PasswordIf your password isn’t working and you can’t log in, you should reset your password. Go to Twitter’s password reset form and start the process. An email will be sent to you with a new password, after which you can move on to “How to Secure Your Twitter Account.”
When Nothing Works…The worst case scenario is if you don’t get password reset instructions. Something big has gone wrong in that case. It’s time to contact Twitter directly for some help. Go to file a ticket with Twitter and choose “Hacked Account”, then follow steps in the process.
How to Secure Your Twitter AccountIf you are on the list and have regained control of your account, or if you just want to be cautious, you need to take three steps to secure your Twitter account.
1. Enable Login Verification
A few years ago, Twitter introduced a new feature called login verification, which turns your login into a two-step process by also sending you a temporary password on your mobile phone for added safety. This is what’s called two-factor authentication, and a sensible strategy to use. Twitter’s quick video above will explain what you need to do to get started.
2. Change to a Secure PasswordNo matter what, change your password. Two-factor authentication can get hacked too, so it’s advisable to set a password that can’t be cracked easily. There are two schools of thought on how to do this.
Manual: We’ve shared tips to create a memorable password that’s difficult to crack, but what you need to remember is to use a combination of uppercase letters, lowercase letters, digits, unique characters, and symbols. The longer you make it, and the more arbitrary it is, the better.
Auto: Password managers like LastPass and 1Password can generate secure, encrypted passwords for you. You won’t remember them, but you can always install the managers on all your browsers and mobile devices so that memory isn’t an issue at all. The advantage of this strategy is that every site gets its own unique password. So what happened in this leak — where data was gathered from other sources — is unlikely to affect you if you rely on password managers to make your keys.
3. Revoke Access to Third-Party AppsAs Twitter mentioned, the data has possibly been compiled from leaks from different services where you granted access to your account. To be on the safe side, clean up the third-party apps that connect to your Twitter.
Go to Twitter.com/Settings/Applications, sign in, and click “Revoke Access” to any app that is non-essential for you. In fact, you can safely do this on all apps, and maybe revoke permissions on all major sites. The next time you use an app that requires Twitter access, ask yourself if you really want to grant it that much trust.