A lot of experts talk about the importance of having a "strong password." That is only part of the problem. Nobody had to guess Sarah Palin's password to get into her Yahoo! account, and nobody had to guess a password in this case either. Password retrieval systems are often the easy back door into otherwise secure accounts: the reset link goes to whoever controls the recovery address, and the password's strength never comes into play.
As TechCrunch outlined, it really wouldn't matter how strong your passwords are if you use the same password on different services. And chances are that most of you do reuse passwords at least occasionally.
The hacker in this case broke into a Twitter employee's Gmail account through a well-known weakness in password recovery, not through any software exploit. Gmail lets you specify a secondary email address to receive password reset links. Here that address was a Hotmail account, and it had expired. Hotmail recycles expired addresses, so the hacker simply registered a new Hotmail account under the same name, requested a Gmail password reset, and received the link in the mailbox he now controlled. Once inside Gmail, he rifled through old messages, found passwords for other services, and correctly guessed that the employee reused those passwords elsewhere. One lapsed mailbox was enough to unravel the whole chain.
There's no guarantee anything you put on a computer is ever safe from hackers, but here are a few things you can do to avoid your own personal Twittergate:
- Double check your Gmail account and make sure your secondary email address is still valid and still owned by you: actually log in to it, since an address you have stopped using can expire and be handed to someone else. Do the same for any other service that uses an email address for password recovery.
- Don't reuse passwords. A password manager such as PassPack lets you keep a different password for every service without memorizing them. You still need to make sure each one is strong; the manager only stores them.
- Don't use security questions that anyone can Google. Assume we all know your mother's maiden name and your high school. You may even want to lie on these questions in a way you remember but others won't guess. Put down the name of your favorite stuffed animal as your first pet, or pretend you actually grew up in Narnia.
- Delete any registration messages that contain your password; every one left in your inbox turns a single mailbox compromise into a compromise of that service too. If a service insists on emailing your password in clear text, register with a throwaway password and immediately change it to something more secure.
- Keep your antivirus protection up to date. Password hygiene won't help if someone has already compromised your desktop with a keylogger.
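The attack chain above and the first two checklist items are really one problem: each account trusts a recovery mailbox, and mailboxes leak passwords that get reused. The script below is an added example (not code from the original article) that models that trust as a graph and walks it the way the attacker did. The account names, passwords and the inbox contents are constructed sample data, and it assumes that an expired mailbox on a recycling provider can be re-registered by anyone.

```python
"""Blast radius of one expired recovery mailbox.

Added example, not from the original article. Models accounts, the mailbox each
one sends reset links to, and passwords visible in a mailbox (e.g. registration
mails that echo the password), then computes what an attacker reaches after
re-registering an expired recovery address.
"""
from typing import Dict, List, Optional, Tuple


class Account:
    """One account in the inventory.

    recovery      - mailbox that receives this account's password reset links
    inbox_reveals - passwords readable in this mailbox (only meaningful for mailboxes)
    expired       - mailbox lapsed on a provider that recycles addresses
                    (assumption: anyone can re-register it)
    """

    def __init__(self, name: str, password: str, recovery: Optional[str] = None,
                 inbox_reveals: Optional[List[str]] = None, expired: bool = False):
        self.name = name
        self.password = password
        self.recovery = recovery
        self.inbox_reveals = inbox_reveals or []
        self.expired = expired


def blast_radius(accounts: Dict[str, Account]) -> Dict[str, str]:
    """Return {account_name: how it was compromised}, starting from expired mailboxes."""
    compromised: Dict[str, str] = {}
    known_passwords: Dict[str, str] = {}  # password -> mailbox where the attacker read it

    for acct in accounts.values():
        if acct.expired:
            compromised[acct.name] = "re-registered expired address"

    changed = True
    while changed:
        changed = False
        for acct in accounts.values():
            if acct.name in compromised:
                continue
            if acct.recovery in compromised:
                # Attacker controls the recovery mailbox: request a reset link.
                compromised[acct.name] = f"reset link sent to {acct.recovery}"
                changed = True
            elif acct.password in known_passwords:
                # Password already seen in a compromised mailbox and reused here.
                compromised[acct.name] = f"password reused; seen in {known_passwords[acct.password]}"
                changed = True
        # Every controlled mailbox can be read for more passwords.
        for name in list(compromised):
            for pw in accounts[name].inbox_reveals:
                if pw not in known_passwords:
                    known_passwords[pw] = name
                    changed = True
    return compromised


def recovery_audit(accounts: Dict[str, Account]) -> List[Tuple[str, str]]:
    """Checklist item 1: flag accounts whose recovery mailbox is expired or unknown."""
    findings = []
    for acct in accounts.values():
        if acct.recovery is None:
            continue
        target = accounts.get(acct.recovery)
        if target is None:
            findings.append((acct.name, f"recovery {acct.recovery} not inventoried"))
        elif target.expired:
            findings.append((acct.name, f"recovery {acct.recovery} expired; can be re-registered"))
    return findings


# Constructed sample inventory mirroring the chain in the article (not real accounts).
SAMPLE = {a.name: a for a in [
    Account("victim@hotmail.example", "old-hotmail-pw", expired=True),
    Account("victim@gmail.example", "gmail-pw", recovery="victim@hotmail.example",
            inbox_reveals=["Welcome123"]),  # a registration mail echoed this password
    Account("victim@forum.example", "Welcome123", recovery="victim@gmail.example"),
    Account("work-admin@twitter.example", "Welcome123"),  # same password, no mail link at all
    Account("victim@bank.example", "unique-bank-pw", recovery="victim@phone.example"),
    Account("victim@phone.example", "unique-phone-pw"),
]}

if __name__ == "__main__":
    for acct, reason in recovery_audit(SAMPLE):
        print(f"AUDIT   {acct}: {reason}")
    for acct, reason in blast_radius(SAMPLE).items():
        print(f"LOST    {acct}: {reason}")
```

Running it shows the article's sequence: the recycled Hotmail address yields Gmail, Gmail yields the forum through its reset link, and the Twitter account falls through password reuse alone, with no recovery link to Gmail at all. The bank account survives because its recovery mailbox is still owned and its password is unique, which is exactly what the checklist is meant to guarantee.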

