Multiple Twitter accounts belonging to Indian celebrity politicians, journalists and industrialists have recently been hacked by a group of hackers who call themselves “Legion”. It isn’t very clear whether it is a single person or a group of hackers. People who have been hacked, especially politicians like Rahul Gandhi and journalists like Barkha Dutt, would like to believe that the spate of hacking is a right-wing agenda targeting individuals of a particular political and ideological bent of mind. In this Washington Post interview, however, one of the “Legion” hackers says that the hacking group has no political agenda. They just have a massive amount of data with them, and it is the information contained within that data that decides which person is going to be hacked next.
The Washington Post reporter got hold of the hacker’s email ID through one of the messages that the hacking group posted on the hacked Twitter account of one of the recent victims. From the answers to the interview questions, and even from the messages posted on the hacked Twitter accounts, it seems a particular image of the hacker is being built – the mythical criminal-minded genius who does drugs, listens to rock music, has other earthly passions, and also hacks.
In most cases, hacking happens because people are not careful about managing their digital information. For example, most people use the same authentication credentials for different accounts. They will have the same password for their email accounts (even multiple email accounts), bank accounts, and social media and social networking accounts.
This isn’t exclusive to people who are naïve about technology. Recently the accounts of Mark Zuckerberg and Jack Dorsey were also hacked by a hacking group called OurMine. Many of these accounts were hacked because they were using common credentials for their social networking accounts as well as emails. For example, you can log in to your Twitter account using your Gmail account and also your LinkedIn account, and vice versa.
Although people who want to hack your accounts will find one way or another to do it, you can tighten your security by not using common passwords. Also, stop logging in to your different accounts from a single account. For example, many websites allow you to use your Gmail, Facebook and Twitter accounts (because in most cases you are already logged in to them) to log in to their services. Although it may seem very convenient and easy at that moment, in the long run you will be exposing yourself to hacking attacks.
So, on a personal level, if you want to avoid being hacked, do the following:
- Activate two-factor authentication whenever available.
- Create difficult passwords. A typical password string must contain letters (uppercase and lowercase), numbers, and special characters. Remember, the longer your password is, the more difficult it is to guess using a computer algorithm.
- Use different passwords for different web services and mobile phone apps.
- Don’t use your Gmail, Facebook, Twitter and LinkedIn credentials to log into other web services and mobile phone apps.
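The password items in the checklist above can be turned into a quick self-audit. This added example (not from the original post) flags short, single-class and reused passwords in a constructed account list and generates a random replacement; the symbol set, the 12-character minimum and all function names are assumptions.

```python
import secrets
import string
from collections import defaultdict

# Character classes named in the checklist above; the symbol set is an assumption.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{}",
}

def missing_classes(password):
    """Return the character classes the password does not contain."""
    return [n for n, chars in CLASSES.items() if not set(password) & set(chars)]

def generate_password(length=20):
    """Random password containing every class at least once."""
    if length < len(CLASSES):
        raise ValueError("too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets draws from the OS CSPRNG; retry until every class is present.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_classes(candidate):
            return candidate

def audit(accounts, min_length=12):
    """Map each account name to the problems found with its password."""
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)
    report = {}
    for name, pw in accounts.items():
        problems = []
        if len(pw) < min_length:  # min_length is an assumed threshold
            problems.append(f"shorter than {min_length} characters")
        problems += [f"no {cls} character" for cls in missing_classes(pw)]
        shared = sorted(n for n in by_password[pw] if n != name)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        report[name] = problems
    return report

# Constructed sample data, not real credentials.
SAMPLE = {
    "email": "Summer2016",
    "twitter": "Summer2016",
    "bank": "r7#Vq!eX2m_Lp9+Tz4&c",
}
```

Calling `audit(SAMPLE)` returns an empty problem list only for the `bank` entry; any flagged account can be given a fresh value from `generate_password()` and stored in a password manager.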
If you are looking for a good password management tool, I have reviewed LastPass on this blog, and I have been using the service for a couple of years now. If you don’t want to use an external service, you can also use your browser to manage multiple passwords, but the benefit of using a service like LastPass is that your passwords – even if you have hundreds of them stored in your account – are synced across your devices and are immediately available to you without running the risk of exposing yourself to hacking vulnerabilities.