How Your Fav Celebs Got Hacked and How to Save Yourself
If you have even glanced at the internet over the past few weeks, you’ve most likely seen something about all the celebrities whose Twitter accounts are being hacked. Katy Perry tweeted at Taylor Swift, Lana Del Rey said Bush did 9/11, Kylie Jenner said her sex tape was trash and even Facebook boss Mark Zuckerberg was hacked.
You would think a celeb’s account would be the most locked down and impenetrable, but when they use lame passwords, like dadada for example (*cough cough* Mark Zuckerberg), you realize they’re just like the rest of us.
We talked to two cyber security consultants about how to avoid getting hacked and some tips for making your accounts safer. Nicholas Colyer, a Senior Security Consultant at Rapid7, and Jen Ellis, VP of Community and Public Affairs at Rapid7, gave us a few dos and do nots for all your passwords, but we also asked about what might be the cause of all the recent hackings.
“When you look at celebrity hackings, the range of motivations for that could be vast,” Jen said. “It could be somebody who hacks something because he’s personally interested in a celebrity, or he personally has a grudge against a celebrity, who knows.”
Jen also says that “in a lot of cases, this actually comes from organized crime, and it’s extremely well resourced, well managed, and very professional in the way it’s done. This is not kids in their parents’ basements.”
Geez, the hacking mafia is a thing? Here are a few tips for keeping yourself safe from the cyber Tony Sopranos of the world!
1. Do Not Reuse Passwords
Everyone reuses passwords for their multiple social media and email accounts because who wants to come up with 50 different passwords?
“The problem with that,” Nicholas tells us, “is that if your account on one site gets hacked, the attackers then have the ability to access your accounts across all your other sites and services, massively increasing the fallout from the initial hack.”
He says that this is the reason so many celebs are being hacked, and attackers are using that to their advantage. “To avoid this, it’s simple, don’t reuse passwords!” he says.
2. Use a Password Manager
Nicholas also tells us that if you’re likely to forget all 10 million of your passwords, using a password manager, an app that holds all your passwords, would help cut down on the number of times you have to reset them (which is really often for me personally because I forget everything).
“If you’re not reusing passwords, it’s really hard to keep track of all your passwords and remember them. Using a password manager solves that problem – you only have to remember one password (the one for the password manager), and the tool does all the rest of the work for you, including helping you generate unique and secure passwords, and keeping track of them,” Nicholas says.
Some of the software programs he recommended include LastPass, 1Password, and KeePass, which can all be found in the app store.
3. Use Two-Factor Authentication
“Two-factor authentication is a way of adding an extra layer of security to your accounts and it can greatly reduce your risk of compromise. It is based on the idea that in order to access your account, you need both something you know, for example a password or PIN code, and something you have, such as a phone or other device that can receive a special code, or a biometric,” Nicholas says.
Translation: If you try and enter your password into a computer, you’ll also get a text with a code that you have to enter. V safe.
“This means that even if an attacker guesses or steals your password, they won’t be able to access your account without the device or biometric, and so you are less likely to be successfully hacked. More and more sites and services – including Gmail, Facebook, Twitter, Amazon – are now offering two-factor authentication to help their users secure their accounts and information,” he says.
4. Above All Else, Protect Your Primary Email Address
Consider this your main priority as far as security goes.
“Your email is your link to all your sites and services – you probably use it as the primary login detail and communication path for anything you sign up for, from online banking to shopping and social media,” he says. “As such, it is an extremely valuable target for any attacker – if they get your email they can reset your accounts with the ‘forgot password’ option and get access to anything they want.”
At the very least, it would be worth it for anyone and everyone to use a unique and complex password, and enable two-factor authentication on their main email service(s) if supported. Gmail, for instance, is just one of many services that support two-factor.
So basically, once the hackers open one door, they have access to all the others.
Great. Just peachy.