It feels as if we have to go through the same list of recommendations once per week, but high-profile celebrities (and CEOs) still seem to be having some issues with account security on various social networking sites. So, here we go again. Whether you're a Twitter newbie or a Facebook vice president, please don't use the same passwords across all of your online sites. If you do, at least make it a very long password that your average hacker couldn't just acquire in a brute-force attack. Even better, if a social network has two-factor authentication, use it.
The latest victim is none other than Twitter CEO Jack Dorsey himself. As Engadget reports, the Twitter overlord had his own Twitter account broken into at some point early Saturday morning. An attacker (or group) going by the name of "OurMine" posted a tweet that they were "testing your security," followed by a Vine video clip that has since been deleted.
In fact, all of the not-Dorsey messages posted to Dorsey's account came from Vine, so it's possible that Vine itself was the attack vector that someone used to gain access to Dorsey's primary Twitter stream. It took about half an hour for the posted Tweets to be deleted from Dorsey's account; we can only imagine the email that went flying around Twitter headquarters about the issue.
As for how the attackers actually broke into the account, or at least Dorsey's Vine, we're not sure. It's plausible that Dorsey's Vine credentials were listed as part of one of the recent social network breaches, but that would mean that Dorsey hasn't changed his Vine password for some time.
Just last month, Twitter proactively locked millions of accounts in an effort to get in front of these leaks.
"The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we're acting swiftly to protect your Twitter account," reads a June blog post from Twitter.
"In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner."
As for Dorsey, perhaps he should read over Twitter's account security tips: use strong passwords, use login verification and, most importantly, go over the list of third-party applications that have your permission to access your Twitter account.
"We suggest you review third-party applications that have access to your account from time to time. You can revoke access for applications that you don't recognize or that are Tweeting on your behalf by visiting the Applications tab in your account settings," reads Twitter's description.