There was some news that caught my eye yesterday. That of yet another breach, what people are calling a “MegaBreach.” And, another story of how some Android users of Twitter had their private Tweets actually public for over five years. So, I thought I would quickly weigh in here and offer some thoughts and a few tips.
Remember, you are only as secure as you decide to make yourself. If you bury your head in the sand and choose to ignore recommendations from experts, consider yourself compromised. If you make some efforts to secure yourself and your personal data, the prospect of damage is a bit less.
And, some things are simply out of your control. You trust a site or an app or a service to be secure and do what it promises. But, unfortunately, third parties don’t often have your interests at heart. They have their own. Sure, they want to keep their users happy…but…well you know the story.
Details on the MegaBreach
First, to set the record straight, the “MegaBreach” is really NOT something new. It’s actually a collection of personal data compiled from other previous breaches and hacks. According to Krebs on Security, this new “breach” contained almost 773 million unique email addresses and 21 million unique passwords.
But, if you dig into the details, this data dump (“Collection #1” as its called), is really a compilation of hacked data from over the years.
What does that mean? Well, if your email address and/or passwords and or passwords have been compromised in the past, I’m going to guess that it is contained within this collection.
Hopefully, the last time you were notified of a breach by a site or app you used, you actually DID change the password. If not, be sure to do it now!
Wait, my Tweets Aren’t Private?
My wife and I always tell my teens that they should assume that if something has been captured digitally (text, movie, photo, etc.) that it is stored somewhere. Even things like private Snaps or “disappearing” messages are recorded, somewhere or somehow. (Unless, of course, you are part of some secret government agency…but ha, even then, I don’t think anything is private.)
In the case of Twitter, a feature that supposedly was designed to safeguard your private Tweets, actually wasn’t doing this. Android Authority reports that Android users who used the “Protect your Tweets” feature might not have actually had that protection enabled.
This “lapse” in service occurred between November 3, 2014 and January 14, 2019. That’s a bunch of years (and probably a ton of unprotected Tweets).
But don’t worry too much (unless you posted some really questionable private Tweets). Twitter says:
“You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account…”Twitter.com
Is nothing private? Probably not. Again, you have to assume that nothing is confidential, despite your best efforts. If you don’t want something to be public, keep it in your mind.
But What CAN I Do for More Security?
I’m not a security expert. So you can take or leave my recommendations as you see fit. But here are a few things you may want to consider.
- Don’t use the same password (duh!)
- Use some sort of a password manager (these can auto-generate much more secure passwords too)
- Develop a formula for creating password (it makes them easier to remember for you, but make sure that formula is complex – if someone learns the formula, it’s easier to hack – see previous point)
- Watch out for phishing scams (you can easily get hacked – I have documented many phishing scams on HighTechDad)
- Check to see if your email has been compromised using Have I Been Pwned (I’m going to guess that you have – so change the passwords for those services or sites that are listed)
- Keep current on security news (yeah, it’s hard but worthwhile)
That’s just a short list of a few recommendations. There is a lot more you can do. And, as I mentioned, watch out for emails. I have actually seen some emails sent to me that fall under the “I caught you looking at naughty sites – I have your email and password – pay me or I release it” type.
And the funny thing is, I recognized the passwords that were listed in the email as one that was part of a breach that occurred many years ago. Luckily, I had changed my password then. I just deleted those emails (Google filtered them as spam anyway).
So, remember, don’t panic when you hear about these security issues. Follow some of the best practices that I and others have outlined. There will always be breaches and hacks. And, they will get bigger and bigger. This is the nature of our new, always-connected, digital world.
HTD says: Always create unique and secure passwords. If part of a breach, don’t panic. And, simply assume that your private data will, at some point in your life, be compromised. It’s our new reality.