Twitter's Breach That Wasn't Prompts New Security Rules
Adding to the complexity of protecting yourself and your organization is that the hackers are using new ways of getting the data they need. What appears to be happening is that the hackers are now leveraging big data analysis techniques to reveal likely username and password combinations. In the case of Twitter, it's not hard to reveal a Twitter handle given the email address or name of the target individual. A reasonably capable hacker can automate the process of harvesting this information and then combine it all for sale. While such a technique won't guarantee a perfect list, the level of success should be high enough to make such a set of credentials valuable anyway.
The reason this is happening is twofold. First, there are several organized crime syndicates, all trying to get the upper hand in selling stolen information, and as the level of competition grows, so do the number and variety of breaches and other theft attempts. Second, social media companies and other services are getting better at protecting their information, so the criminals need to find it in other places. Unfortunately, when a major breach does happen, that data is leveraged in more ways than just selling it in the form in which it appeared.
As a result, there are three things that you should do, especially if you or your company have any kind of public profile. First, take advantage of whatever form of advanced authentication is available as soon as it's available. Second, take seriously the need to have unique passwords for each public site you use, so that if one is revealed, the rest won't be. Finally, use some form of authentication management so that you can keep track of everything and manage changes as needed.
Unfortunately, this is one case where the world is getting more dangerous very quickly, and while you probably can't always beat the bad guys at this game, at least you can make it hard enough for them that they attack someone else instead.