Following the news that Twitter locks some accounts after 32 million passwords leaked, security experts from InfoArmor and Lastline commented below.
Andrew Komarov, Chief Intelligence Officer at InfoArmor:
All this data is from third party sources and botnets, and in 80% – it is fake, or generated, and that’s why we suggest that people be calm when faced with such big figures with reference to potential breaches and password leaks such as today’s Twitter news. It has no relations to any real security incidents, and cybercriminals use it as form of speculation to earn money.”
Craig Kensek, Security Expert at Lastline:
It’s interesting to note that while Twitter is making denials about being hacked, there’s another news story about Twitter’s founder being hacked. It would take more than 140 characters to give comprehensive advice to Twitter account holders, but “Have strong, unique passwords for each site. Change passwords on a regular basis. Use multi-factor authentication. Use a password manager.” does it in 139 characters. Encryption of databases, anyone? Stolen encrypted data is of little value to cybercriminals. Individuals who no longer make use of an online service or a site where they have a unique password, may want to change the password on that site and then end their use of that site. If records are stolen, hackers will have a useless password.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.