Twitter hacks are a specialty of OurMine, a self-styled “security group” that offers personal and enterprise services, but is better known for breaking into tech personalities’ social media accounts. Their past victims include Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, Spotify founder Daniel Ek, Amazon CTO Werner Vogels, and their latest—Niantic CEO John Hanke.
Niantic is the developer behind the global phenomenon Pokémon Go, a mobile app with a steadily growing fan base despite its limited availability, and one that has spawned a whole range of cyberscams looking to take advantage of that fan base. In this latest attack, OurMine claims the hack is “for Brazil,” an attempt to convince the developers to make the game available in the country.
The OurMine hacks are notable, simply because the victims head some of the biggest multinational technology companies in the world. In theory, a company—especially one working in software and technology—should be aware of the best security practices, but everyone makes mistakes and this certainly isn't the first time a tech executive has been hacked. Mark Zuckerberg, for example, evidently had a weak password that he reused on more than one account. The password for both his Twitter and Pinterest was “dadada”, which was undoubtedly easy for him to remember. Unfortunately, it's also easy to hack. OurMine revealed that John Hanke had an equally weak and unoriginal password: “nopass”.
Layer your security
Aside from practical safety tips, like making sure the password for your accounts is complex and unique, users can also add another layer of security. Twitter and many other platforms have implemented two-factor authentication (2FA) as an added line of defense for their users. 2FA is when you use two separate types of identification to log into an account.
The identification types are broadly classified as:
A combination of these gives you more security than just having a single factor of authentication.
Only a handful of devices come equipped with fingerprint scanners, so the typical combination is a memorized password and a unique code that comes in through Short Message Service (SMS) or an app on your phone. In the case of Twitter, the user has to change their Security & Privacy settings to send login verification requests to a specified number. After the 2FA is applied, users are prompted to enter the password as well as the code sent to them each time they log into Twitter.
Most of the popular websites and online services have implemented options for enabling two-factor verification processes—an option that users are advised to turn on. What could someone do with your Apple password? How badly would you be affected if someone posed as you on Facebook? Would your work be affected if your LinkedIn account were hacked? It would be much better if these questions remained theoretical.
The sites mentioned above and many others have 2FA readily available and can easily be set up.
How to Set Up 2FA on Popular Sites
For mobile users:
To receive codes without relying on a mobile service, go back to Login Approvals and click Set up Code Generator. Follow the instructions to install an app that can generate codes.
There are two options for Google’s 2-Step Verification feature: a code sent to the user’s phone, or a Security Key.
For the code:
You can also set up the Google Authenticator app to receive codes when a mobile service isn't available.
For the Security Key:
Instead of using a code, users can just insert the Security Key into the computer’s USB port when prompted. Your computer needs to be running Google Chrome 40 or newer, and you can use any device compliant with the FIDO Universal 2nd factor (U2F).
Apple’s two-factor authentication is only available for iCloud users using iOS 9 or OS X El Capitan or later.
For Apple mobile devices: