A common approach to 'password cracking' is to repeatedly guess the password. This might not sound very technical, but you would be surprised at just how successful most hackers are when using this simplistic method. What it all boils down to is poor password practices, and Twitter employees learned this the hard way.
Recently it was reported that the French hacker calling himself Hacker Croll broke into Twitter's Google Apps and stole more than 300 private company documents, which were subsequently sent to various web sites to be posted for public scrutiny. One such web site was TechCrunch, which managed to gain Hacker Croll's trust through hours of online conversations and persuade him to reveal how exactly he did it.
How did Hacker Croll steal more than 300 private Twitter documents?
It seems Hacker Croll found one weakness many of us are guilty of: using the same password for everything. Of course, there was more to it than that, and actually performing such a seemingly daunting task takes hours, sometimes days, of dedication as Hacker Croll admonished. This does, however, bring to mind that nagging doubt: How safe are we? How many of us out there make the very same mistakes these Twitter employees made? How exactly do we practice safe password protection?
The most alarming thing about Croll's method is that it could happen to anyone. Checking my own Google account just recently, I discovered I was open to the same vulnerability that Twitter found themselves in. This has since been changed, but how many of us remain open to the same method of attack? Looking through my emails, I discovered various passwords I had used for random web sites, and it was a frightening realization. Try it yourself. You might be surprised.
There are countless other ways a hacker could get your information, though. How many of you have sent someone your phone number over a public service like Twitter or Facebook? Are your MySpace and Facebook accounts closed off, or can anyone who searches for you view them? Does your Facebook page have your birthdate, the past schools you've attended, the name of the company where you work, or even your pets' names? These, and many other items of information, can be used to access any number of accounts you may have opened in the past and forgotten about.
If you're thinking right now how unlikely it is that someone could find this information, try searching for yourself in the so-called 'Deep Web' search engines like Pipl or Spokeo and see what comes up. It's scary how much data I found on myself performing a similar search.
If, by now, you've discovered you could be vulnerable to the same flaws that Twitter was, consider this a stern warning. Be sure to thoroughly check the security settings on your various online accounts in order to remain in control of your security information since it is so easy to forget what you entered years ago. In fact, delete or unsubscribe from accounts you no longer use or never plan on using again. Make certain to use as many different passwords for various web sites as you can remember, and make sure that they are difficult for a hacker to guess. Try creating a password out of a combination of numbers, letters and symbols.
But most importantly, search for the most common passwords you use in your own email accounts and delete those messages. If the worst happens and your account is compromised, you'll be glad you did.
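One way to run that search against a local export of your own mailbox is sketched below. It is an added example, not part of the original article; the function names and the sample messages are constructed for illustration, and the mbox path you pass to `load_mbox` is whatever file your mail provider lets you download.

```python
import email
import html
import mailbox
from email import policy

# Constructed sample messages (not real mail), so the example runs offline.
SAMPLE_RAW = [
    "From: signup@forum.example\nTo: me@example.com\n"
    "Subject: Welcome to the forum\n\nUsername: me  Password: correct-horse-9\n",
    "From: friend@example.com\nTo: me@example.com\n"
    "Subject: Lunch on Friday?\n\nDoes noon work for you?\n",
    "From: me@example.com\nTo: me@example.com\nSubject: note to self\n"
    "Content-Type: text/html\n\n<p>wifi login is <b>Tr0ub4dor&amp;3</b></p>\n",
]

def text_parts(msg):
    """Yield the decoded text of every text/* part (plain and HTML)."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                yield part.get_content()
            except (LookupError, UnicodeError):  # unknown or broken charset
                raw = part.get_payload(decode=True) or b""
                yield raw.decode("utf-8", errors="replace")

def find_exposed(messages, passwords):
    """Return (subject, sender, match_count) for each message that contains
    one of the given passwords. The passwords themselves are never returned."""
    hits = []
    for msg in messages:
        body = "\n".join(text_parts(msg))
        decoded = html.unescape(body)  # HTML mail may store '&' as '&amp;'
        matched = sum(1 for p in passwords if p and (p in body or p in decoded))
        if matched:
            hits.append((str(msg["Subject"]), str(msg["From"]), matched))
    return hits

def load_sample():
    return [email.message_from_string(r, policy=policy.default) for r in SAMPLE_RAW]

def load_mbox(path):
    """Open an existing mbox export; create=False avoids making an empty file."""
    parse = lambda f: email.message_from_binary_file(f, policy=policy.default)
    return mailbox.mbox(path, factory=parse, create=False)

if __name__ == "__main__":
    # In real use, read the passwords with getpass rather than hard-coding them.
    for subject, sender, n in find_exposed(load_sample(),
                                           ["correct-horse-9", "Tr0ub4dor&3"]):
        print(f"delete: {subject!r} from {sender} ({n} password match)")
```

Deleting the flagged messages in the mail client, and emptying the trash, is what removes the copies from the account itself.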