Do you "Twitter"? Twitter.com is one of the most popular social networking Web sites on the Internet. Described as a cross between blogging and instant messaging, it's a free service that lets members send and read short messages called "tweets." Family and friends use it to stay in touch. Restaurants use it to post daily lunch specials. President Obama uses it to plug healthcare reform.
How Twitter Works
You Twitter, or create a tweet, by typing in the answer to "What are you doing?" in 140-characters or less. The tweet is then delivered to any member who chooses to be your "follower." If you select to keep your updates private, your tweets are sent only to pre-approved friends. Otherwise they are posted to the general public to be followed by anyone interested in what you have to say.
Twitter Targeted by Hackers
Twitter.com is enormously popular because members find it fun and easy to use. Unfortunately, Twitter's popularity makes it a prime target for hackers, and it's been hit with several types of security attacks this year.
In January, a phishing scam tricked many Twitter users into revealing their usernames and passwords. Users were sent a teaser that said something like "funny blog about you." When they clicked on the attached link users were diverted to a fake sign-in site where they filled in their username and password. The phishing site then used that information to send spam to followers.
Also in January a hacker broke into 33 high-profile Twitter accounts, including those of President Obama, singer Brittany Spears, and two television news networks. The hacker posted fake update messages to the accounts that were vulgar and embarrassing.
Just last week a hacker broke into the e-mail account of a Twitter employee. Although it doesn't appear that any users were affected, some internal Twitter company documents were stolen. The hacker was able to access the employee's account because the employee made the mistake of using the same password on more than one Internet system.
Twitter Works on Improving Security
To fix the problem with fake updates from impersonators, Twitter launched a verified accounts
program. Twitter investigates to make sure celebrities and other popular users are who they say they are. If the background information checks out, Twitter posts a "badge" on the user's profile page to show that they are the real deal.
Twitter has also strengthened its security by requiring employees to use random password generators and a two-factor authentication entry on some systems. Password generators are software or hardware devices that use random numbers to generate passwords. Two-factor authentication requires the user to input two pieces of information, such as something they know (like their password) and something they have (like the number on a card or token).
Protect Yourself on Twitter with Strong Passwords
So far the Twitter security problems seem to have been more annoying than damaging to users. However a phishing scam or password breach can be financially devastating when it results in identity theft, fraud or the theft of private business or financial information. As the latest Twitter security breach shows, a strong password is the first step to protecting yourself online. Follow these tips to create and use secure passwords:
- Don't use personal information like names, phone numbers, birthdays or addresses to create passwords
- Don't use keyboard patterns like "sdfjkl" or "zsxcf" as passwords
- Do use a combination of upper and lower letters, numbers and punctuation marks to make passwords unique
- Do use a variety of passwords; don't use the same password on several Internet accounts
- Do change your passwords often
- Do be very cautious about sharing your password; verify Web sites before entering your password
- Do notify the companies involved immediately if you think you were tricked into revealing your password or other private information
Visit the Microsoft article, Strong Passwords: How to Create and Use Them for more advice on creating secure passwords. Putting a little thought into making up passwords could go a long way toward protecting your privacy online.
Questions for Your Attorney
- Can social networking Web sites be liable if security breaches lead to identity theft or other Internet-related crimes?
- Do I have any responsibility with respect to Internet-related identity theft crimes? If I try to seek relief for harm caused by identity theft, will I have to show that I used security measures, such as use of strong passwords?
- If I join an online community, what happens to information related to my account and my activity on a site if I cancel my membership or account? Do I have the right to demand that such information be removed from a Web site?