Books written by Ray Sullivan

Sunday, 3 February 2013

Hacked Off by Twitter

So, Twitter has been hacked and 250,000 Twitter accounts have been stolen by thieves described as professional and knowing what they are doing.  That's a relief, I worry about my personal details getting into amateur hands.

What are these thieves going to do with these Twitter accounts?  Well, given that there are approximately 450 million zillion Twitter accounts, of which only about ten percent are actually real, then first of all they're going to have to sort through them.  Some will be for pets and inanimate objects, many will be for the purpose of ranting at the world - hold that, most will be for ranting at the world, but some might be for real people who want to communicate.

Then, once they have worked out which ones are real, what then?  Well, they could try posting really witty, humorous tweets that will go viral.  This does happen in the real Twitter world but unfortunately it's a rare enough event as to make the occasional headline.

They could try shouting at people - buy my book, read my blog - you know the kind of stuff.  The upside is that nobody would notice the accounts had been hacked, the downside is that is what Twitter does already very well.

But what they could do, and this is serious, is they could try to use the hacked Twitter accounts to fool the recipients into launching dodgy websites that place malware and other nasty code on their computers.  Like that doesn't happen already - I've lost count of the number of direct tweets urging me to take a look at some alleged photo of me, LOL.  I guess, because like the vast majority of Twitter users I don't use it as actual social media but as a way of letting anyone who wants to know when my latest book or blog entry is released, I don't expect personal direct messages from my followers.  Plus, and I'm a realist in this, most of my followers do so out of the hope I will reciprocate and follow them (I tend to unless it's obviously a sales pitch account or a Daily Mail reader), in the vague hope that I will at some point read their book or blog entry (I do with some, in fact I use some to provide ideas for my own blog, and some are genuinely interesting tweets in their own right anyway).  But most I ignore, like most quite correctly ignore my tweets.

Now the guys and gals at Twitter are a pretty smart bunch - at least I couldn't put anything as slick together as they do so they are by definition, if at least collectively, smarter than me.  And I'm not totally stupid (I'm allowed at least one lie in every blog posting).  Anyway, they have identified the theft, unfortunately with the door swinging in the wind, and have alerted everyone who has a Twitter account (remember, that's lots of us) that 250,000 of the very many accounts that exist world-wide have had their personal data nicked by thieves they describe as sophisticated and professional.  They have avoided giving anyone a clue as to who might be affected, so no matter where in the world or what your account name starting letter is, you'll just have to sit and worry that it's you.  And 249,999 others.

But they have told the world, which includes smart, sophisticated and professional thieves, that they will be sending a direct message to the 250,000 affected accounts, advising them to change their password.  Now this opens up two areas that will be of interest to thieves and scammers.  First, as they have the 250,000 account names they can pre-empt that message with one of their own that directs the affected people to a pretend Twitter page, let them change their details and, in a smart piece of finesse, then change the details with Twitter itself so that everything appears fixed to both ends.  Or they could leverage the fact that actually none of us know if the 250,000 accounts  are all located in one geographical area or could be narrowed down in some logical way.  Now I'm sure that any professional thief as accomplished as these appear to be can harvest a lot of the 450 million zillion Twitter accounts out there and send them all direct messages pretending to be from Twitter.  How would we know?  We don't know if we're on that finite but long list!

All I can say is that I haven't received a direct tweet since the theft, which probably means I'm not in the 250,000 accounts, so any direct tweet I receive now is likely to be from a scammer.  My advice is not to wait for the tweet, go to Twitter by your normal route, and change your password.  Now.


I can, incredibly, be followed on Twitter - @RayASullivan - just be prepared for me to shout about my books or blog entries, I'm working on the funny quip that will go viral, but please don't hold your breath.

or on Facebook - use to find me

Why not take a look at my books and read up on my Biog here

Want to see what B L O'Feld is up to?  Take a look at his website here

Worried/Interested in the secretive world of DLFs?  Take a look at this website dedicated to DLFs here, if you dare!
