One company with a turnover of $2.44bn
330 million users
500 million tweets per day
What does it take to bring an upheaval in such a magnanimous company?
A bug and . . . . well, that’s all it needs!
Twitter Inc. reported a bug encounter a few weeks ago. It had to request its 330 million users to change their passwords. The bug has not yet been accused of stealing or misusing the passwords but out of sheer security priority, Twitter users have been asked to change their password. The bug has been reported to some regulators who will dig deep into it and take suitable actions.
But what did the bug do?
Let us understand this in basic terms.
Whenever we type our password on Twitter, it is converted into value or values using a mathematical function that is representative of our original password. This process is called Hashing.
But the reported bug that attacked Twitter, saved an internal file of the passwords in plain text i.e. the passwords were not converted into hashed keys and they were clearly readable. As of now, no breach or misuse has been reported but it raises a big question on the way social media platforms store user data.
First Facebook and now Twitter, data compromise is becoming an inevitable part of our social media experience. It is the need of the hour that we become aware of all such threats and how to deal with them. Here are some ways which will help you make your social life more secure:
- Change is the only constant
We know you don’t like changing the things you took time to memorize and we wish we could give you an option there. But you NEED to change your passwords every once in a while. You can try using popular password managing tools to ease this task. To change your password on Twitter click on Settings & Privacy > Password, you need to enter your current password and then type a new one.
- The Mighty Mobile: Two-factor authentication
You may not prefer giving your mobile number to strangers but you can make social media platforms a wise exception. Gmail, Facebook, Twitter most of these social sites provide this option of double verification using your mobile number. It sends you an alert whenever there is a sign-in attempt using an unknown device. In short, it takes permission for every little thing it is doing on your behalf.
- Congratulations: You have won $100 mn!
Messages like these keep landing up in your mailbox. It might be tempting to claim this money by sharing your confidential details with the sender. However, this is the most common way through which hackers get hold of your financial details. These phishing emails are best left to be thrown in the ‘Spam’ folder.
- Keep me logged in? No, thank you!
Almost all of us have activated this while signing in to our accounts. While it really saves a lot of time but at times, it may not be a good idea. When the device is yours, it is alright to use this feature but when you are using your account on a public device, don’t use this feature. The next user may access and compromise your account.
- Monitor access to third-party apps
Do check which apps are connected to your social media accounts. You may have used Facebook or Google to sign in to other applications, which you do not use anymore. It is recommended to assess if this type of access is necessary.
So these were some of the steps which you might find helpful. You don’t need to be a technical engineer to tackle bugs; all you have to do is be aware and careful to stay safe on the internet.
This post has been authored by Setu Shreya, Intern, Quick Heal Technologies Ltd. She is a student at Balaji Institute of Modern Management.