According to multiple published reports, Katy Perry's almost 90 million Twitter followers saw several highly offensive tweets today - but they appear to have come from someone who hacked the account, and not from the singer herself.
The tweets included racist and homophobic language, a friendly tweet to Taylor Swift, and a request that readers follow a particular Twitter account likely either belonging to the hacker, to someone that the hacker likes, or to someone whom the hacker wants to get into trouble.
The hacker's tweets have since been deleted from the @KatyPerry account, but Perry has not yet commented on the incident. Of course, as Tim Erlin, Director of IT Security and Risk Strategy at Tripwire, mentioned to me, "Celebrities, with millions of followers, are always going to be attractive targets for any attacker who wants an audience" - but there are plenty of reasons that hackers may want to take over accounts from others as well: for example, they may be able to use those accounts to social engineer their way into computer systems - or into people's bank accounts. As Erlin noted, "While celebrities have to be more vigilant for abuse, the best practices for securing an account are really the same for everyone."
As such, the recent incident raises the question - how should one protect his or her Twitter account (and other social media accounts) from being compromised? Here are several suggestions:
1. Enable dual-factor authentication - Twitter allows people to turn on a feature that requires users logging into an account for the first time from a particular device to enter a one-time code that the social media platform texts on such occasions to their cellphones. Such a security system makes it harder for criminals to hijack someone's account, and has been around for quite some time, but, as Erlin noted, "It can be a challenge to get customers to adopt new security controls." (Of course, if a criminal steals a smartphone, the second factor will not protect the owner's account when it is accessed from that phone, until the owner switches his or her account to a new device.)
2. Utilize strong passwords for social media accounts - and don't reuse the passwords for other accounts. For more information on how to select strong passwords that are easy to remember please see the article entitled: How To Create Strong Passwords That You Can Easily Remember.
3. Utilize social media alerts - people using SecureMySocial, for example, would receive alerts if inappropriate tweets were issued from their accounts (the tweets would even be automatically deleted if the alert system is so configured) - so they would know immediately that their accounts had been hijacked and be able to react far faster than otherwise.
4. Don't accept "friend" or "connection" type requests from unknown parties - The people issuing those requests may have nefarious purposes for trying to access your personal information - obtaining control of your social media account may be one of their goals. For more details about this risk please see the article How to Protect Yourself From LinkedIn-Based Scams.
5. Practice good general information-security hygiene - There are ways that doing so can help protect social media accounts - for example, by preventing malware from capturing relevant passwords and one-time codes. Of course, keeping yourself cyber-safe can provide value in other areas of your life as well. For some tips please see the article 14 Information Security Tips You Can Implement Without Spending a Lot of Money.