Twitter hack jolts companies into a social media security check
Twitter’s major hacking incident last week should serve as a stark reminder for businesses to perform critical health checks of their social media accounts and the people who have access to them, according to social media and security experts.
On Wednesday, around 130 accounts — including those of prominent users such as Elon Musk and Joe Biden as well as Uber and Apple’s official accounts — were compromised by scammers who used many of them to send tweets encouraging users to direct money to a cryptocurrency account.
Twitter said it is still investigating the incident, which it believes occurred after “a coordinated social engineering attack” was waged on some of its employees in order to gain access to its internal administrator tools. It’s unclear whether the hackers also accessed affected users’ private messages. The FBI has also launched an investigation into the hack.
While the nature of this hack suggests there was little account holders themselves could have done to prevent themselves from falling victim to this particular hack, there are several security measures any company that manages social media accounts should take regularly to avoid other potential risks.
On the day following the hack, one large advertising company sent around internal communications emphasizing the importance of password security and reminding employees to ensure that people who no longer require access to advertising management accounts are removed from those systems. Similarly, employees were reminded that only people with a certain level of seniority and sign off should have the ability to be administrators, according to an executive at that agency who declined to be named.
On Twitter specifically, account holders can review the number of active “sessions” and opt to log out other users and devices within their account settings.
Often in the advertising and media industries, mid-level employees can have access to powerful tools — from CMS access, to customer-relationship management software and client social media accounts.
“It might be useful to think about background checks before you give them the keys,” said Helga Turku, data protection and privacy director at data protection consultancy HewardMills. Twitter knows all too well the importance of properly vetting employees: Two former Twitter employees were charged with spying on user accounts on behalf of the Saudi Arabian government last year.
Twitter’s security incident emphasizes that companies need to create a culture of privacy, where it become ingrained into how employees think about everyday tasks, Turku said.
“Not just yearly training … a checkbox and it’s over — it has to be something meaningful because these data breaches have a significant impact on the economy, security … [and] our democratic values,” Turku added.
Potential security risks can be heightened by the current work from home environment, particularly as staffers are likely to be using less secure networks and may be working on personal devices, said Jimmy Jones, telecom business development lead at security solutions company Positive Technologies.
“All security audits are worthwhile because there are a lot of times, when people start doing it, you realize the amount of access you’re providing people is huge — especially when working from home,” Jones added.
For Twitter — a platform where one tweet can spark an international political firestorm or send the stock market crashing — the potential implications of the hack are severe, particularly in a U.S. election year. Users could flee the platform if they feel their data and private messages are not correctly safeguarded. There’s also the potential for federal punishment. In 2010, Twitter settled charges with the Federal Trade Commission over failing to protect users’ personal information. Under the terms of that settlement, Twitter was barred for 20 years “from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.”
A Twitter spokesperson directed Digiday to the ongoing updates on the investigation posted by the @TwitterSupport account but had no further comment.
The hacking incident occurred amid a period of scrutiny for technology platforms. TikTok has become the latest political hot potato. U.S. Secretary of State Mike Pompeo indicated earlier this month that the Trump administration was considering banning the app due to national security concerns related to its Chinese ownership. The app has already been banned in India. Meanwhile, hundreds of advertisers are currently boycotting Facebook to protest the way it handles hate speech and misinformation.
While a handful of advertisers have also extended their pauses to other platforms, including Twitter, the company largely escaped the recent barrage of negative headlines.
“Twitter was sort of on the rise,” said Brendan Gahan, chief social officer at creative agency Mekanism. “They’ve done a good job showing they’re trying to stamp out misinformation. It seems like they were poised to really stand in contrast to Facebook and potentially benefit from it.”
Last week’s hack, Gahan continued, “is going to slow the momentum and goodwill they generated.”
‘Catalyst for growth’: GroupM’s Brian Wieser bumps up his 2021 and 2022 global and U.S. ad forecasts
The latest global ad revenue forecast from WPP’s GroupM is out — and if it’s accurate, media is going to have a pretty great 2022 with almost 10 percent growth.
Member ExclusiveMedia Buying Briefing: ‘There’s a real strain’ on media agencies as they try to staff up after mediapalooza gains
How will media agencies staff up when employees are leaving in droves, either from burnout or more lucrative offers from brands and tech firms?
How Reuters Events maintains a role for virtual as it returns to in-person events
After a successful two years running mostly virtual conferences, Reuters Events is exploring more hybrid and in-person components to its events for next year.
SponsoredMarketer’s playbook: Delivering performance alongside privacy
Jonathan Meltzer, director of marketing, ads privacy, platforms and measurement, Google One way to prepare any business for what’s next in 2021 and 2022 is to invest in data and insights. However, shifts in consumer expectations challenge even the most experienced marketing team to find safer ways to show people ads and measure campaigns. To […]
‘Lens of the West Coast’: Inside the L.A. Times’ new head of audio’s plan to focus the publisher’s podcasts
Aguilera wants people to one day associate the newspaper publisher with its podcasts and their West Coast "vibe and tone." But first, she is tasked with growing the L.A. Times' daily news show "The Times."
Member ExclusiveMedia Briefing: What publishers should watch for when meeting with blockchain vendors
In this week's Media Briefing, media editor Kayleigh Barber explores the primary questions publishers should be asking when evaluating potential blockchain partners.