According to recent news, the data of about 200 million Twitter users has been leaked in the underworld. The data is being sold on some blackhat hacking sites for just $2. It includes Twitter account usernames, email addresses, social media information and some other information. The leak was first noticed by a security research group in the middle of December last year, but it made newspaper headlines only yesterday.
The first thing you should do is check whether your Twitter account was included in the data leak. To do this, visit https://haveibeenpwned.com/ and enter your email address or mobile number (whichever you used to create the Twitter account). Then click the pwned? button and wait for the results. If your account information was included in any data leak, you will be informed on the screen.
Scroll down the screen to find the various leaks in which your email address or mobile number has been found. For the Twitter data leak this year, you will see Twitter(200M) in the list. It also shows a brief description of the kind of data that was leaked: your Twitter usernames, social profiles, Twitter account full name and email addresses.
So what should you do after you have confirmed that your account was included in the latest Twitter data leak? The very first thing you should do is change the password, and the new password should be a very strong one. To create a very strong password, you can use the built-in password generators in web browsers like Chrome or Firefox. Alternatively, you can use the secure password generator from 1Password.
The second thing you should do is enable two-factor authentication (2FA) in the Twitter settings. When 2FA is enabled, you are required to enter a TOTP (time-based one-time password) code after entering the usual password in order to log in to your Twitter account. This TOTP is generated only on your smartphone, using apps like Google Authenticator.
The third option that Twitter offers is “password reset protection”. When this option is enabled, nobody can reset your Twitter password using any method. A potential hacker will often attempt to reset your password in order to log in to your account.
The fourth step, which many users miss, is to take all the same steps for the email account associated with your Twitter account. Change the password and enable 2FA (if possible) for the email account. This prevents someone from first taking over your email account and then using it to reset your Twitter password.