Twitter hack jolts companies into a social media security check
Twitter’s major hacking incident last week should serve as a stark reminder for businesses to perform critical health checks of their social media accounts and the people who have access to them, according to social media and security experts.
On Wednesday, around 130 accounts — including those of prominent users such as Elon Musk and Joe Biden as well as Uber and Apple’s official accounts — were compromised by scammers who used many of them to send tweets encouraging users to direct money to a cryptocurrency account.
Twitter said it is still investigating the incident, which it believes occurred after “a coordinated social engineering attack” was waged on some of its employees in order to gain access to its internal administrator tools. It’s unclear whether the hackers also accessed affected users’ private messages. The FBI has also launched an investigation into the hack.
While the nature of this hack suggests there was little account holders themselves could have done to prevent themselves from falling victim to this particular hack, there are several security measures any company that manages social media accounts should take regularly to avoid other potential risks.
On the day following the hack, one large advertising company sent around internal communications emphasizing the importance of password security and reminding employees to ensure that people who no longer require access to advertising management accounts are removed from those systems. Similarly, employees were reminded that only people with a certain level of seniority and sign off should have the ability to be administrators, according to an executive at that agency who declined to be named.
On Twitter specifically, account holders can review the number of active “sessions” and opt to log out other users and devices within their account settings.
Often in the advertising and media industries, mid-level employees can have access to powerful tools — from CMS access, to customer-relationship management software and client social media accounts.
“It might be useful to think about background checks before you give them the keys,” said Helga Turku, data protection and privacy director at data protection consultancy HewardMills. Twitter knows all too well the importance of properly vetting employees: Two former Twitter employees were charged with spying on user accounts on behalf of the Saudi Arabian government last year.
Twitter’s security incident emphasizes that companies need to create a culture of privacy, where it become ingrained into how employees think about everyday tasks, Turku said.
“Not just yearly training … a checkbox and it’s over — it has to be something meaningful because these data breaches have a significant impact on the economy, security … [and] our democratic values,” Turku added.
Potential security risks can be heightened by the current work from home environment, particularly as staffers are likely to be using less secure networks and may be working on personal devices, said Jimmy Jones, telecom business development lead at security solutions company Positive Technologies.
“All security audits are worthwhile because there are a lot of times, when people start doing it, you realize the amount of access you’re providing people is huge — especially when working from home,” Jones added.
For Twitter — a platform where one tweet can spark an international political firestorm or send the stock market crashing — the potential implications of the hack are severe, particularly in a U.S. election year. Users could flee the platform if they feel their data and private messages are not correctly safeguarded. There’s also the potential for federal punishment. In 2010, Twitter settled charges with the Federal Trade Commission over failing to protect users’ personal information. Under the terms of that settlement, Twitter was barred for 20 years “from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.”
A Twitter spokesperson directed Digiday to the ongoing updates on the investigation posted by the @TwitterSupport account but had no further comment.
The hacking incident occurred amid a period of scrutiny for technology platforms. TikTok has become the latest political hot potato. U.S. Secretary of State Mike Pompeo indicated earlier this month that the Trump administration was considering banning the app due to national security concerns related to its Chinese ownership. The app has already been banned in India. Meanwhile, hundreds of advertisers are currently boycotting Facebook to protest the way it handles hate speech and misinformation.
While a handful of advertisers have also extended their pauses to other platforms, including Twitter, the company largely escaped the recent barrage of negative headlines.
“Twitter was sort of on the rise,” said Brendan Gahan, chief social officer at creative agency Mekanism. “They’ve done a good job showing they’re trying to stamp out misinformation. It seems like they were poised to really stand in contrast to Facebook and potentially benefit from it.”
Last week’s hack, Gahan continued, “is going to slow the momentum and goodwill they generated.”
Browser makers, now including Mozilla’s Firefox, are already ditching Google’s proposed cookieless ad targeting method FLoC
Google's cohort-based tracking needs browser support to work, but browsers like Brave and Microsoft Edge can easily block its functionality.
‘It’s OK if someone wants to work 3 or 4 days a week’: How female news leaders are changing media culture for women
There's still a long way to go before the media workplace is a level playing field for men and women, but female news chiefs are pushing hard to change internal cultures.
Cheat Sheet: What a ‘radical’ GOP antitrust bill that would kill big tech acquisitions has in common with the Democrats’ push for reform
Bipartisan momentum behind Sen. Josh Hawley’s antitrust bill is likely to be tepid, but it could spur more dialogue on anti-competitive behavior in an tech-ruled era.
SponsoredVideo: How employer rewards and incentives changed in 2020
The nature of employer rewards programs has transformed, accelerated by the events of 2020 — a year of sweeping change. Employees shifted to digital, their preferences moved to digital wallets and they asked for new and surprising ways to use the rewards their employers delivered. In these new interviews, employer rewards experts talk about the evolving […]
Member ExclusiveMedia Briefing: How publishers are pushing podcasts to new audiences
Podcast listening has rebounded from an initial pandemic-induced dip. But publishers still have work to do to attract more people to their shows.
Los Angeles Times enters crowded daily news podcast market with a West Coast twist
The Los Angeles Times is banking on offering a West Coast twist to daily news podcasting when it debuts its own version next month.