An Islamist hacktivist going by the moniker “Mauritania Attacker” claims to have hacked and accessed the entire database of Twitter accounts. As proof of this exploit, he has published details on 15,000 accounts, including access tokens that users have generated for other applications that use Twitter either as an authentication source, or as a means to publish data from or to the microblogging service. According to representatives from Twitter, no accounts have been compromised, and the account details released by the hacker did not contain passwords (hashed, encrypted or otherwise). Security analysts suspect that it may be possible to use the exposed security tokens to gain limited access to publish through the associated Twitter account via a third-party app (which is what the tokens are for in the first place) if a hacker could ascertain for which app a specific token was created.
What this means for you:
If you use Twitter, you should do two things:
- Enable login verification by going to your Twitter settings -> Account -> Login Verification. This sends a confirmation to your mobile device that you must enter in order to log into your Twitter account.
- Revoke permissions to Twitter-enabled apps. You can do this by going to your Twitter settings -> Apps and clicking “Revoke Access” next to every app on the list, even the ones you might use frequently. Then, you can go back to your favorite apps and reauthenticate. This way, you can recreate the access tokens, and not have to worry about the possibility that your access tokens were among the ones shared by the Mauritania Attacker.
Back in January of this year, I wrote about Facebook’s impending Graph Search feature (“Facebook Graph Search Cutting Bait for Phishers”) which was set to greatly improve its existing feeble search engine as well as outrage privacy watchdogs. Based upon the feedback the developers received from the small test group to which it was originally released, Facebook went back to the drawing board, and has now decided that Graph Search is ready for its debut.
Unlike the search engine we all know and use, Facebook’s new search engine will rely heavily on the various layers of data that it has accumulated on its millions of users, allowing you to perform searches that list “friends who like trucks and football” or “single women in Los Angeles who like Ethiopian food”. Obviously, the results are heavily dependent upon how much information everyone shares about themselves on Facebook, but Facebook is confident that the results will be eye-opening.
What this means for you:
If you haven’t heard me mention it before, there’s no better time than the present to log into your Facebook account and check your privacy settings, even if you don’t use it often, or you haven’t updated your profile since you created the account oh so many years ago. If you haven’t logged into Facebook in the past year, they have made a lot of changes to settings and security that will probably bewilder the savviest of users. I linked a guide written by the EFF on Facebook’s privacy settings here: “Tighten Up Your Facebook Security”, and Facebook is also taking a more proactive approach by warning you when you log in that Graph Search is coming and providing you a link to your privacy settings.