400M Twitter users’ data in one hacker’s hands? Steps to take now

The business world likes to pretend it doesn’t need geeks. But firearm geeks, history geeks, security geeks, branding geeks like me? We’ve all been affected by the pervasiveness of lean-staffing, and cutting or outsourcing jobs to please investors and myopic executives.

Then when something like a systems failure, PR cover up gone horribly wrong, or a credible threat of a massive data breach happens, it’s all hands on deck except the ones that were supposed to be there in the first place.

Not even a full month after the last leak, another hacker (called “Ryoshi”) has stepped up to the forum Breached, claiming possession of some 400 million users’ personal data.

Whether the leak is real or not remains to be seen as of writing, but it’s easy to believe.

I won’t even put this all on Elon – it’s never surprising when any company that uses layoffs as a profit building strategy ends up throwing the golden geese out with the bathwater.

That is to say, when companies ditch personnel in order to inflate profits on a disgusting technicality, things getting missed just plain makes sense.

So what now? Well, whether Ryushi’s hack attack is real or not, now’s as good a time as any to tighten your stuff up online.

Change all passwords to something indecipherable to most and do NOT SKIMP on the numbers and special characters. I gripe about how everything needs its own stupid app, and profile, and access to you and your attention forever and ever and ever (can I PLEASE just receive Kroger coupons in PEACE), and knowing that I need to make a unique password for 1,500 different things is a big part of that.

Still, password security is tantamount, even if your memory is a slipperier place than you’d like.

Honestly, I keep mine written down. Not under the keyboard or anything super obvious, but they are in one of my many notebooks.

Is that a risk? Sure…if someone wants to break into my house, find the books among many, find the pages, and then go from there. At that point, they kind of deserve whatever dark secrets I have on Indeed and Wisp.

Next step: Go through your profiles to see if you’re accidentally sharing more info than you meant to. For instance, you might be telling the world your birthday via a ‘What sentient dessert would a wizard turn you into’ meme, your mom’s maiden name through an RIP post of your grandmother, your birth year as you post your full Chinese zodiac sign, etc.

Most important things like credit card accounts, student loan stuff, and banking sites will need more info from you than you typically put online at all (social security, extra password hints, etc), but precaution can’t hurt you.

The point here is still this: Phishers (just like stalkers) don’t necessarily need everything from you all at once. They can get it piecemeal, and they can build a file to play a longer game than you’d think.

For everyone who doesn’t need the public to access their social media (influencers, idealogues, Jorts The Cat [and Jean], you’re all off the hook on this one), consider making your profiles friends/followers only, or restricting who can view/message you by instating request features.

Not only does this keep argumentative randos to a minimum while still letting you share, it adds an extra layer of security to anything you have to say.

Job searchers with a higher need to answer unknown numbers, turn your voicemail on and check it regularly, so anyone with hiring intentions can still reach. Job search site security is trash, and there are fake aggregators out there luring increasingly desperate people in with stale listings, so taking extra care is mandatory if you’re one of the many tech layoffs of this year, or just scanning the horizon.

Get your less savvy loved ones to read this (please), but above all, don’t think it can’t happen to you too.

I very nearly told a phisher more info about myself without them even having to ask…y’all ready for story time?

It was during my last job search that I got a text with a picture of what I HOPE was a younger adult woman posed salaciously (and fully clothed). Very realistically something you’d send to a client or lover.

“Wrong number,” say I.

“‘”I meant to send this to my friend, I’m so sorry! But you and I could hang out though…if you want,” says whoever.

At this point I very nearly replied, “‘”I’m a straight grown ass woman and not who you’re looking for at all,” and entertained sending an incredulous picture back, until it sank in a bit more – that’s not how anyone not in a porno flick acts. And in my rush to be sanctimonious (and maybe get some content out of it), I was still about to give some scammer more information about myself.

Perfidious.

I’ve been noticing more and more job searches than the last time I was on the market are asking for more upfront personal info like my picture, my date of birth, my address, and even my license and social (ostensibly to do a background check) before even entertaining an interview. The pervasive anti-worker atmosphere that permits such gross oversteppitude by even prospective bosses, combined with data breaches can give unscrupulous people all the access they need to throw cat poop on your whole life.

We’ll have more on this story as it develops. For now, go on and lock it down.