Friday, June 15, 2012

Twitter Passwords And Logins Exposed And How Future Breaches Can Be Prevented

It was announced recently that Twitter was hacked, and over fifty-five thousand Twitter usernames and passwords were leaked and posted publicly on the web for anyone to see. The user information appeared on Pastebin, a service attackers often use to publicize their exploits, though the social network noted that many of the profiles were spam bots and duplicates. If you're on Twitter, now would be a sensible time to log in and change your password.

Twitter spokesman Robert Weeks explained, "We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected." Twitter is investigating the security breach to find the source of the attack. Twitter is downplaying the incident, stating that the list of accounts and passwords includes some twenty thousand duplicates, spam accounts that are already suspended, and credentials that do not belong together (the passwords and logins don't match).

The social network claims to have over a hundred and forty million active users, so the security breach would have affected roughly 0.02% of its user base. Still, this is a reality check for Twitter, because the breach could have been far more widespread and could have tarnished the company's name. The question Twitter should be asking itself is who leaked the confidential account information, and why. The Pastebin poster remains anonymous and no group has stepped forward to take credit for the attack, though the investigation has yet to conclude.

In 2009, Twitter was compromised twice and the attackers had complete control of the social network. Two years ago, Twitter came to a settlement with the Federal Trade Commission (FTC) over those incidents, because customer privacy and data had been put at risk. The FTC settlement requires twice-yearly security audits, regular data security audits for ten years, a twenty-year prohibition on misleading statements about the effectiveness of its security or privacy practices, and a dedicated security employee on Twitter's payroll responsible for coordinating its data security and privacy issues. The settlement details can be read at http://www.ftc.gov/opa/2011/03/twitter.shtm. The social network agreed to put "reasonable safeguards" in place to mitigate any data security risks it identifies and to store data securely.

Although Twitter had added most of the required security enhancements by the time the FTC settlement was announced two years ago, it could have done much more to prevent the present attack and future ones. Even with employees dedicated to improving and overseeing data security, it was still compromised. Had the company adopted technology such as two-factor authentication, the breach might not have occurred. For example, two-factor authentication using a mobile device could have protected users, and therefore the site, from unauthorized access by also authenticating users via their mobile devices at login. This is technology that Google currently embraces and that several major banks use to authenticate users logging in to their services. It is an efficient and cost-effective way to implement out-of-band authentication, because it relies on a device that almost all users already own and carry: a mobile phone.

To implement two-factor authentication, Twitter would simply need users to opt in to using their mobile phone as a security device and agree to receive a one-time password (OTP) by SMS on it. When a user submits their credentials to Twitter, an OTP is sent over an out-of-band network (their mobile carrier) and the user enters that password on the site, which then authenticates them. It is economical and effective because most of the public carries a mobile phone at all times, and it requires no additional hardware or tokens on Twitter's end. Two-factor authentication is a genuinely effective layered security solution that Twitter ought to be using to safeguard its users, and perhaps this attack will prompt it to rethink the security measures it has in place. The FTC has already pushed the social network to strengthen its security once, which was not enough; perhaps if it implements a two-factor authentication solution it will be less vulnerable to further breaches.
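The server side of the SMS OTP step described above, as an added example that is not Twitter's code or part of the original post: the code is issued after the password check, delivered out-of-band, and accepted only if it is unexpired, unused, and not guessed too many times. The `send_sms` delivery hook is a hypothetical stub standing in for a carrier or aggregator API.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300      # a code expires five minutes after it is issued
MAX_ATTEMPTS = 3           # wrong guesses allowed before the code is revoked

_pending = {}              # username -> (code, issued_at, attempts_left); server-side only

def send_sms(phone_number, text):
    # Hypothetical delivery hook; a real deployment calls the SMS provider here.
    print(f"SMS to {phone_number}: {text}")

def issue_otp(username, phone_number, now=None):
    """After the password check succeeds, generate a fresh 6-digit code,
    remember it server-side, and push it out-of-band over SMS.
    The code is returned only so a caller or test can drive the flow."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # uniformly random, zero-padded
    _pending[username] = (code, now, MAX_ATTEMPTS)
    send_sms(phone_number, f"Your login code is {code}. It expires in 5 minutes.")
    return code

def verify_otp(username, submitted, now=None):
    """True only if the submitted code matches, is unexpired, and has not been
    used before; every other outcome consumes an attempt or revokes the code."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False                       # nothing issued, or already consumed
    code, issued_at, attempts_left = entry
    if now - issued_at > OTP_TTL_SECONDS:
        del _pending[username]             # expired: the user must request a new code
        return False
    if hmac.compare_digest(code, str(submitted)):
        del _pending[username]             # single use: burn the code on success
        return True
    attempts_left -= 1
    if attempts_left <= 0:
        del _pending[username]             # too many wrong guesses: revoke the code
    else:
        _pending[username] = (code, issued_at, attempts_left)
    return False
```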

David is an information security specialist who believes remote access security is gained through strong authentication. That is why he provides information to healthcare professionals about two-factor authentication and one-time passwords.
