5 Ways to Respond to Latest Leak of Information
Twitter made significant headlines in 2022 after billionaire Elon Musk bought the popular social media platform. Within weeks, he undertook several rounds of high-profile layoffs and controversial content moderation, attracting the ire of everyday users, free speech advocates, and government regulators alike.
Now, Twitter could face further scrutiny after a data hack exposed the records of 235 million accounts and the email addresses used to register them. The leak was not a traditional compromise of passwords or financial information. Instead, it was achieved through a so-called scraping attack, which exploited a flaw in Twitter’s security infrastructure. As the Washington Post reports, it might set “the stage for anonymous handles to be linked to real-world identities.”
The cybercriminal who claimed credit for the data hack advertised the entire data set for sale on Dec. 23. That raised red flags at Ireland’s Data Protection Commission and at the U.S. Federal Trade Commission, which is currently investigating whether Twitter violated an agreement to enhance the security of user information. Before this most recent hack was revealed, the FTC and DPC had both issued warnings to Twitter about a lack of compliance with data protection laws.
Cybersecurity experts also expressed concern that hackers, activists, and foreign governments could exploit the stolen information to target celebrities, journalists, academics, and political figures. Average Twitter users could find their accounts subject to takeover attempts while email addresses could be hit with phishing or social engineering scams and threats of blackmail or “doxxing,” which involves releasing personal information like phone numbers or home addresses.
So far, Twitter hasn’t acknowledged the breach or issued any advice to the users affected by the data hack. But CMIT Solutions suggests the following strategies to protect digital identities and keep online information safe:
• Strengthen your passwords for social media accounts. Although the latest hack didn’t involve passwords, hackers will almost certainly try to break into accounts, particularly of high-profile users or those who’ve amassed large follower counts. And if the same password is used for Twitter and other social media profiles, that will make break-ins easier. Update your login credentials across all accounts to long, unique passwords that include letters, numbers, and special characters.
• Update email logins and usernames so they’re different from the ones you use for Twitter. While you’re checking and strengthening passwords, it’s worth updating the email address or username you use to log in to other accounts so it’s not the same as the one you use on Twitter. This can isolate any attempts to target that Twitter address with spearphishing or social engineering scams that threaten action or demand payment in return for digital safety.
• If it isn’t already activated, turn on multi-factor authentication or login verification for every online account. MFA combines something you know (a password) with something you have (a unique code delivered via email, text message, or dedicated app) to log in to accounts. This adds a critical second layer of security to social media, email, and financial accounts, mitigating the potential impact of stolen passwords or compromised information. Use caution if you receive an authentication notification from Google, Microsoft, Facebook, or Twitter that you don’t recognize or that doesn’t follow your own login attempt. These are usually a sure sign that a hacker has accessed your password and is attempting to log in to your account.
• Know how to spot suspicious emails. Chances are your inbox is inundated with spam emails every day, with varying levels of sophistication. In the wake of high-profile data breaches, these suspicious messages will probably increase, too. Here are a few red flags to watch out for:
- Demand for urgent action
- Poor grammar or spelling mistakes
- Unfamiliar greetings or awkward salutations
- Mismatched sender names and email domains
- Unexpected attachments or prompts to click on links
- Requests for confirmation of passwords, account numbers, or personal data
- “Too good to be true” offers, incentives, or financial rewards
If you spot any of these characteristics in an email or sense anything “off” about a message, DO NOT respond to it, click on it, open it, or otherwise engage with it. Instead, flag it as junk or report it to a trusted cybersecurity expert.
• Back up your data. The safest way to protect your information from hackers, bad actors, and natural disasters is to back it up regularly, remotely, and redundantly. To satisfy these three “Rs,” data backup processes should execute daily or weekly so that information is up to date. These data backups should be stored onsite for easy access as well as offsite or in the cloud. And multiple copies of information should be stored in different locations so that no single catastrophe can negatively impact an individual or business.
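Several of the email red flags listed in the fourth tip above can be checked mechanically. The following added example (not part of the original article) tests a plain-text message for four of them; the brand allow-list, the keyword patterns, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small allow-list of domains each brand really mails from.
BRAND_DOMAINS = {"twitter": {"twitter.com"}, "google": {"google.com"}}
URGENT = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended)\b", re.I)
CREDS = re.compile(r"\b(confirm|verify)\b.{0,40}\b(password|account number)\b", re.I | re.S)

# Constructed sample messages (single-part, plain text).
PHISH = ("From: Twitter Support <security@twitter-alerts.example>\n"
         "Subject: Urgent: your account will be suspended\n\n"
         "Confirm your password within 24 hours at http://twitter-alerts.example/login\n")
LEGIT = ("From: Twitter <info@twitter.com>\n"
         "Subject: Your weekly highlights\n\n"
         "See what you missed: https://twitter.com/home\n")

def in_domains(host, domains):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    """Return the red flags from the list above that a raw message trips."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1]
    body = msg.get_payload()  # a string for single-part messages
    text = msg.get("Subject", "") + "\n" + body
    # Domain sets of every brand the display name claims to be.
    claimed = [d for b, d in BRAND_DOMAINS.items() if b in name.lower()]
    flags = []
    if any(not in_domains(sender_domain, d) for d in claimed):
        flags.append("sender name and email domain do not match")
    if URGENT.search(text):
        flags.append("demand for urgent action")
    if CREDS.search(text):
        flags.append("request to confirm password or account data")
    hosts = re.findall(r"https?://([^/\s:]+)", body)
    if any(not in_domains(h, d) for h in hosts for d in claimed):
        flags.append("link leads outside the named brand's domains")
    return flags

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, red_flags(raw))
```

A message that trips none of these checks is not thereby safe; the heuristics only cover the flags that can be read from headers and text.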
If these steps sound complicated, a trusted IT partner like CMIT Solutions can help. Our North American network of more than 250 offices has helped thousands of businesses respond to and recover from data breaches of all sizes. We understand the need to protect digital privacy while maintaining an online presence. We enable everyday employees to work safely while empowering business decision-makers to make the best investment in cybersecurity.
Need help defending your data, securing your network, or enhancing the safety of online logins? Contact CMIT Solutions today.