10,000 Twitter passwords hacked into

Watch out if you use the same password for Twitter and other sites!

Thousands of Twitter users are at risk of having their accounts hacked today after hundreds of thousands of email addresses and passwords were stolen from one of the world’s largest media websites.

Gawker Media, which powers Deadspin, Fleshbot, Gizmodo, Gawker, Jezebel, Kotaku and, ironically, Lifehacker, has today warned its 1.3 million users that their accounts have been compromised.

Account-holders have been told to change their passwords not only for all Gawker sites but for any other site accessed with the same email address and password.

Already, it's been estimated that hackers have broken into at least 10,000 Twitter accounts using the Gawker passwords, with some hackers apparently using these accounts to promote an Acai Berry diet.

What does this mean for you?

If you have a Gawker account, follow these instructions immediately.

But even if you’re lucky enough not to be directly affected, you should still see this as a wake-up call to make your passwords more secure – especially if you are using the same password to access lots of different sites.

Here are my tips on how to do this:

Choose a strong password

A bad password is one which can be easily cracked. That's pretty obvious. But it's not quite so obvious what makes a strong password.

While I was researching this article I realised just how weak the passwords I use really are. And all the time I was secretly thinking they were quite clever!

But at least my passwords aren't quite as bad as the ten most common shown below. You probably won't be surprised to see which one tops the list.

Top 10 most commonly used passwords

| Password  | Rank |
|-----------|------|
| 123456    | 1    |
| 12345     | 2    |
| 123456789 | 3    |
| Password  | 4    |
| iloveyou  | 5    |
| princess  | 6    |
| rockyou   | 7    |
| 1234567   | 8    |
| 12345678  | 9    |
| abc123    | 10   |

Source: Imperva

All of these passwords fall into the weak category, with 'password' probably being the absolute worst. Nearly half of all people who use online accounts use names, slang words or dictionary words as passwords. And, as you can see, the most common password of all - and therefore the easiest to crack - is '123456'.

Other passwords to avoid

As well as the ten most common passwords, which are a huge no-no when it comes to protecting your online accounts, there are plenty of other passwords you should avoid too. For example, you should give weak passwords like names, brand names, holiday destinations, place names or the name of your football team a miss.

You should also steer clear of any dictionary words. A lot of people simply use a dictionary word with a numeric substitution - for example, 'Jup1ter', 'F3bruary' or '3ngland'. But this type of password is surprisingly weak too.

The reason we need to avoid these passwords is because they're really common, and therefore vulnerable to being cracked. Anything which contains words and letters only can easily be guessed. Hackers often use an automated programme to systematically and rapidly check one dictionary word after another until they hit on the right one.

Or they may use what's known as a 'brute force attack' where lots of permutations of the same word are tried out. This is why passwords like 'Jup1ter' or 'F3bruary' aren't particularly safe.

Top dos and don'ts for choosing perfect passwords

But there are some simple steps you can take to make sure your passwords are as strong as possible. Check out these dos and don'ts:

  • Do use a different password for each account, otherwise the hacker only needs to guess one password to have access to all your accounts. To make it easy to remember, use bits of the website’s name in your password. For example, always make the first letter of your password the first letter of the website’s name and the fourth letter of your password the fourth letter of the website’s name. That way, it will be different for each password, but easy for you to remember for each site.
  • Do change your passwords regularly.
  • Do use one or more of the following non-alphanumeric characters somewhere in your password: { } / < > ( ) ^ % " ! ' ? [ ] & *, @ ~ . If you're able to use the space bar in your password do so.
  • Don't choose simple sequences such as '12345678' or 'ABCDEFGH'.
  • Don't choose a password that relates to you such as your date of birth, your address, your partner's name or the name of your pet.
  • Don't choose a short password. Go for at least eight characters, but really the longer the better. According to Microsoft, a 15 character password composed only of letters and numbers at random is around 33,000 times stronger than an 8 character password which consists of any characters on your keyboard.
  • Don't pick a password that can be found in a dictionary. These can easily be cracked.
  • Don't recycle your password. So avoid money1, money2, money3 and so on.
  • Don't write your passwords down.
  • Don't tell anyone your passwords.
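
The checks in this list, together with the earlier point about dictionary words with numeric substitutions, can be automated when a password is chosen. The following Python screen is an added example, not part of the original article; the function names are illustrative and SAMPLE_WORDS is a constructed stand-in for a full dictionary.

```python
import re

# The ten most common passwords from the table above (source: Imperva).
TOP_10 = {"123456", "12345", "123456789", "password", "iloveyou",
          "princess", "rockyou", "1234567", "12345678", "abc123"}

# Constructed sample; a real check would load a full word list and a
# list of breached passwords instead.
SAMPLE_WORDS = {"jupiter", "february", "england", "money", "princess"}

# Common look-alike substitutions, undone before the dictionary lookup.
DELEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def is_sequence(pw: str) -> bool:
    """True if each character is exactly one step up (or down) from the last."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def check_password(pw: str) -> list[str]:
    """Return the reasons a password breaks the don'ts (empty list = pass)."""
    problems = []
    lowered = pw.lower()
    if lowered in TOP_10:
        problems.append("top-10 common password")
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if is_sequence(lowered):
        problems.append("simple sequence")
    # Strip trailing digits ('money1' -> 'money') and undo substitutions
    # ('Jup1ter' -> 'jupiter') so disguised dictionary words are caught.
    core = re.sub(r"\d+$", "", lowered).translate(DELEET)
    if core in SAMPLE_WORDS or lowered.translate(DELEET) in SAMPLE_WORDS:
        problems.append("dictionary word in disguise")
    if all(c.isalnum() for c in pw):
        problems.append("no non-alphanumeric character")
    return problems
```

An empty list means the password passed these checks only; it says nothing about whether the password has already appeared in a breach such as the Gawker one.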

How can I choose and remember my perfect passwords?

Take a look at this advice from Microsoft on coming up with a strong and memorable password:

Think of a sentence you can remember. This will form the basis of your strong password. Use a memorable sentence, such as "My son Aiden is three years old."

Convert it to a password. Take the first letter of each word of the sentence that you've created to come up with a new, nonsensical word. Using the example above, you'd get: "msaityo".

Add complexity. Then mix uppercase and lowercase letters and numbers into the word. This might create a password like "MsAi3yo".

Finally, substitute some special characters. You can use symbols that look like letters to help you remember them, and to make the password more complex. You could also try lengthening it a bit too. Using this trick, you might come up with a password using the first letter of each word like this "M$8ni3y0".

Test your new password with Password Checker. Password Checker is a non-recording tool which tells you how strong the new password you've chosen is. If it isn't strong, keep tweaking it until it is.

If you remember one thing it should be this: the best passwords aren't words at all. So combine letters, numbers and punctuation marks to make the perfect password.

For other tips on protecting your accounts, take a look at Online banking: How to stay safe. You can keep a close eye on your accounts, and get an early warning of possible fraudulent activity, by registering for online banking at lovemoney.com. You'll also get a host of other benefits, which you can find out more about in This online banking service will change your life.

Finally, if you have more questions about keeping your online accounts safe from attack, why not ask the lovemoney.com community for help using our fantastic Q&A forum?


Copyright © lovemoney.com All rights reserved.
