Is Your Social Media Account Hackable?

Duke's IT Security offers tips after Twitter account for Duke Arts is compromised

Over the weekend, hackers breached a Duke social media account in an incident that officials attribute to a series of international data breaches.

Robert Zimmerman, website manager in the Office of the Vice Provost for the Arts at Duke, said the breach of the @DukeArts Twitter account occurred Saturday, but he was able to log in, change the account password and delete the offensive posts.

“They had changed our name and the picture on our profile, and posted about five tweets that were totally inappropriate,” Zimmerman said.

Duke IT Security officials say the incident is a reminder to set strong and varied passwords across sites, to use two-factor authentication, and to stay informed about data compromises in order to respond quickly. In recent months, social media companies like LinkedIn, Twitter, and Tumblr have all disclosed large data breaches, making millions of passwords available to hackers.

Breaches include: MySpace (360 million users), LinkedIn (167 million), Tumblr (65 million), Twitter (32 million), Fling (40 million), and Badoo (127 million).

“These breaches, totaling over 769 million passwords, have provided the hacker community with an incredible password dictionary that can be used in attacks against other services, such as online banking, social media, or other cloud services,” said Duke chief IT security officer, Richard Biever. “This is made easier due to the habit many people have of reusing passwords across multiple sites.”

Biever suggested Duke community members check to see if their password was exposed in one of the breaches by visiting Leaked Source and entering the email address(es) used to access the accounts.

In the case of Twitter, 32 million passwords were leaked online, and a number of high-profile account takeovers occurred, including the account of Mark Zuckerberg, founder of Facebook, according to recent news reports.

Zimmerman, the website manager in the Office of the Vice Provost for the Arts, helps manage the Duke Arts Twitter account. He said the hackers were able to delete the 200 posts on the Duke Arts Twitter account so the only tweets appearing were by the hackers.

After the hack, Zimmerman made sure the department’s new Twitter password is unique. He also added a program called LastPass to act as a password vault to save and protect his personal and work passwords.

“It saves you from having to remember a lot of passwords or allows you to use ones you could never remember, like computer generated or random ones,” Zimmerman said. “I had been thinking about it. But this experience made me say ‘yes!’ ”