Around 250,000 people have had their passwords reset after ‘sophisticated’ hackers broke into Twitter’s database and stole emails and encrypted passwords. Here’s a guide on what you need to know

• • Charles Arthur: guardian.co.uk, Saturday 2 February 2013 12.37 GMT

Q: how can I find out if I have been affected?
Go to a web browser, go to twitter.com, log out (if you’re logged in) and try to log in with your usual password. If you can’t log in – it will say there’s a problem with your username or password – then you’ve been affected.

Q: I can’t check that just now. Am I likely to have been affected?

Only if you joined Twitter roughly in the first half of 2007. At that time it had a few million users. People (including myself) who joined in May 2007 have been affected. If you can’t remember when you joined Twitter, you can find out your “Twitter birthday” for yourself or any other user (it’s not private data).

Most people joined well after mid-2007, so on that basis you’re unlikely to have been affected.

Q: I can’t see an email from Twitter, and I can still post from Tweetdeck and other third-party clients – I haven’t tried the website. This means I’m OK, doesn’t it?

Not necessarily. The email from Twitter may have been filtered into your spam folder (users of Google’s Gmail should specifically look in their Spam folder; a search in the Gmail function won’t look at spam messages – and Twitter’s reset message to a Gmail account I use was filtered as spam.

The reason why third-party clients will still let you tweet is that Twitter doesn’t let them use your password. Instead, it uses “tokens” which are issued to the third-party programs, and authorise them to send tweets to Twitter’s database for redistribution to followers. The tokens weren’t revoked as part of the password reset; doing that would have meant that you’d have had to re-authorise all your apps, and for some apps Twitter has only made a limited number of tokens available. So that would have hurt both users and app developers.

Q: What did the hackers get? More here

PLEASE do take this opportunity to read a previous post on here – Password Management and Security Breaches.

While none of us are claiming to be up with the importance of Twitter, your website is important to YOU and your business. You need to protect it and keep it secure. Without wishing to be a scare-monger, it is so relevant to any website – people CAN get in and cause problems.

I recently sent an email out to people I am involved with and showed what happened to a website I have out there – NOT a business site, but the fact that it was hacked was a real irritation and took time to clear up.

One morning I opened my weblink to find the following red screen in place! Google had listed me as a “bad place” to visit!

My site was still accessible on logging into the Dashboard, and if you were brave enough there’s a link to get rid of that screen and go in, BUT the site was compromised. It took me a whole day to get rid of the problem that someone had planted and then contact Google to say, ‘please put me back on the search listings’ without the …”harm your computer…” warning!

I suppose the whole incident took several days to put right by the time Google had sorted me out! I thought the steps I had taken were good enough to protect my sites……..this particular site that was a problem is NOT a business site.

I would like to prevent such things happening to your business sites….It MAY or may not happen, but it’s an issue we need to consider.

Back Up Buddy Plugin:

I recently aquired and now have available a really efficient plugin that will back up sites and re-install a compromised site with the click of a few buttons and new database set up etc…. This can be set to update backups regularly – depending on the amount of additional content that is added to the site over a period of time – if you regularly use the blogging / diary feature for instance, we would need to set backups to run weekly. These can then be used to reset the site to the latest version should a system or plugin update cause problems….which CAN also occur… However – the back up system could prevent major losses of content and above all – time….

Security Enhancement for Your Sites

I also have a short Blog Defender course I bought into that has a very good security set up using a few more items that can be installed on all of your sites. These security plugins are ALL free of charge – the back up plugin does come with a small charge. I have paid that to allow me to use it on all your sites.

Unfortunately, I cannot guarantee that a site will not be compromised in the future – I think that would be a tad foolhardy with the way “people out there” work. However the backup system will mean “normal service” can be resumed asap.

Please do let me know your thoughts and ANY questions you may have on the subject of backing up and security issues…

Password management:

I would also draw attention to the Password Management post on this website that you MAY have seen…however if it has passed you by – please just take a look…. consider logging into your site Dashboards >>> Users Link on the left – change your Username passwords to a LONG one of 15 or more characters. This is the minimum I would suggest!