Cover Photo of Anonymous by Vincent Diamante (Flickr/Creative Commons)
Anonymous PH, looking to do their part to draw attention to their upcoming global event “Million Mask March” on November 5, took the easy route and hacked into Maine “YayaDub” Mendoza’s Twitter account at around 1 am early Tuesday morning, leaving a number of Anonymous-ish hashtags in its wake.
This has already been widely reported in the media:
November 5th was originally commemorated as Guy Fawkes night in Great Britain. In modern times, it is used by the Anonymous movement to celebrate it’s “Million Mask March” – although November 5, 2015 is being billed by some quarters as a “Billion Mask March”.
The Philippine branch seems to be unusually polite, though:
The Aldub fan base, aka the “Aldub Nation” is having none of this affront to their idols however. There have been a few clashes, and some have issued this statement of support:
Meanwhile over at Twitter, we’ve learned that the various teams are working to restore the account back to Maine, so you can breathe a sigh of relief. We spotted this message posted by Winson Wong at Twitter HQ this morning and retweeted frequently by Aldub Nation denizens:
—————————-4 PM Update:As of 12 noon today, Twitter was able to “secure and reclaim” Maine’s account. Shortly thereafter, Maine sent out a simple Tweet confirming “she’s back”:Twitter is back, however, as of this writing, she is still locked out of her Facebook and Email accounts. And as of 4 pm Tuesday she has been unable to log into her Instagram account as well.—————————
Lesson learned: Step up your security game
Twitter accounts are a lot easier to hack than websites, leading us to speculate this was just low hanging fruit for the local Anonymous guys. Nevertheless, this episode illustrates the danger that verified Twitter accounts can face. Being extremely popular accounts with millions of followers (Maine’s account has over 2.4 Million), they are very vulnerable, and left unprotected can be easy to compromise.
Ordinarily Twitter accounts are protected solely by a password, with your email account as the user ID. And that can be very weak. Passwords can be guessed or easily compromised via social engineering. And if anone here has watched the TV series “Mr. Robot”, you’ll know that social engineering is the first thing a hacker tries to use to break into an account.
If I can advise Maine, I would advise her to start exploring activating two-factor authentication on her Twitter account. This involves registering your mobile number to Twitter and then linking it to her account. You then enable two factor authentication, which adds a second layer of security when you try to log in to your account. A six-digit access code (like a PIN) is sent to your mobile number via SMS. This means a hacker would also need physical possession of your mobile phone (and your SIM) in order to log in to your account.
The process is documented on Twitter’s own blog here.
Twitter recently enhanced its two factor authentication so it can even work without SMS (in the event your carrier craps out), using the app notifications from the app on the phone associated with the account. This was reported on by WIRED here.
Maybe there’s a lesson in this for all of us. You don’t have to be as famous as YayaDub to get hacked. So as November 5 approaches, we can all step our security game. Change your passwords frequently, and check out techniques like two-factor authentication when you need that extra layer of security.