Rep. Anthony Weiner said Wednesday that he was the “victim of a prank” with his now infamous Twitter photo fail.
He has said his Twitter account was hacked when a tweet from his account to a Seattle area woman contained a photo of a groin.
As the lawmaker’s assertions are picked apart, security experts weighed in on his story.
Turns out, there are plenty of tools within easy reach for pranksters and hackers to break into a Twitter or Facebook account, according to John Harrison, a group manager of security firm Symantec’s Security Response team.
But public figures such as Weiner should know better and work harder to make their accounts secure, he and others said.
Politicians have more public information about themselves on the Web — their high schools, family members’ names, birthdates, hometowns and pets’ names. A hacker need only read through the tweet stream of a politician such as Sen. Claire McCaskill (D-Mo.) to know that her daughter graduated from college last week and that she’s trying to lose weight. All that information and public records make it easy to guess user names and common passwords.
If they can’t access a Twitter or Facebook account directly, hackers will try to use those same tricks on the user’s e-mail accounts. Once an e-mail account is breached, a hacker can reset their victim’s username and password on social media accounts.
Here are the other ways Weiner’s account could have been compromised:
• Phishing attacks: A user receives an e-mail saying an online account has been compromised. The e-mail will ask for credit card information, usernames and passwords.
• Malware: Twitter is all about passing shortened links. Be careful when you click on those links, however, which may contain malware that gets into your computer and steals information from your hard drive.
• Unsecure Wi-Fi networks: It’s nice to log on to your public library or coffee shot hot spot, but hackers on the same network can get into your online accounts through your browser. Solution: Weiner shouldn't be checking his Twitter account at the Capitol Hill Starbucks. He should use a secure Web connection like “https” or “ssl.”
Twitter sent around tips to Congress members for safer tweeting habits after concerns that their own accounts could be hijacked.
Here’s what people can do to keep their social media accounts safe and secure, Harrison said:
• Look for advanced default settings offered by social networks.
• Use secure wireless networks
• Update security patches often
• Set up social media accounts to provide alerts when being accessed from a new device or location
• Don’t be predictable: Don’t use 1234 or your spouse’s name as your password.