Twitter hack jolts companies into a social media security check
Twitter’s major hacking incident last week should serve as a stark reminder for businesses to perform critical health checks of their social media accounts and the people who have access to them, according to social media and security experts.
On Wednesday, around 130 accounts — including those of prominent users such as Elon Musk and Joe Biden as well as Uber and Apple’s official accounts — were compromised by scammers who used many of them to send tweets encouraging users to direct money to a cryptocurrency account.
Twitter said it is still investigating the incident, which it believes occurred after “a coordinated social engineering attack” was waged on some of its employees in order to gain access to its internal administrator tools. It’s unclear whether the hackers also accessed affected users’ private messages. The FBI has also launched an investigation into the hack.
While the nature of this hack suggests there was little account holders themselves could have done to prevent themselves from falling victim to this particular hack, there are several security measures any company that manages social media accounts should take regularly to avoid other potential risks.
On the day following the hack, one large advertising company sent around internal communications emphasizing the importance of password security and reminding employees to ensure that people who no longer require access to advertising management accounts are removed from those systems. Similarly, employees were reminded that only people with a certain level of seniority and sign off should have the ability to be administrators, according to an executive at that agency who declined to be named.
On Twitter specifically, account holders can review the number of active “sessions” and opt to log out other users and devices within their account settings.
Often in the advertising and media industries, mid-level employees can have access to powerful tools — from CMS access, to customer-relationship management software and client social media accounts.
“It might be useful to think about background checks before you give them the keys,” said Helga Turku, data protection and privacy director at data protection consultancy HewardMills. Twitter knows all too well the importance of properly vetting employees: Two former Twitter employees were charged with spying on user accounts on behalf of the Saudi Arabian government last year.
Twitter’s security incident emphasizes that companies need to create a culture of privacy, where it become ingrained into how employees think about everyday tasks, Turku said.
“Not just yearly training … a checkbox and it’s over — it has to be something meaningful because these data breaches have a significant impact on the economy, security … [and] our democratic values,” Turku added.
Potential security risks can be heightened by the current work from home environment, particularly as staffers are likely to be using less secure networks and may be working on personal devices, said Jimmy Jones, telecom business development lead at security solutions company Positive Technologies.
“All security audits are worthwhile because there are a lot of times, when people start doing it, you realize the amount of access you’re providing people is huge — especially when working from home,” Jones added.
For Twitter — a platform where one tweet can spark an international political firestorm or send the stock market crashing — the potential implications of the hack are severe, particularly in a U.S. election year. Users could flee the platform if they feel their data and private messages are not correctly safeguarded. There’s also the potential for federal punishment. In 2010, Twitter settled charges with the Federal Trade Commission over failing to protect users’ personal information. Under the terms of that settlement, Twitter was barred for 20 years “from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.”
A Twitter spokesperson directed Digiday to the ongoing updates on the investigation posted by the @TwitterSupport account but had no further comment.
The hacking incident occurred amid a period of scrutiny for technology platforms. TikTok has become the latest political hot potato. U.S. Secretary of State Mike Pompeo indicated earlier this month that the Trump administration was considering banning the app due to national security concerns related to its Chinese ownership. The app has already been banned in India. Meanwhile, hundreds of advertisers are currently boycotting Facebook to protest the way it handles hate speech and misinformation.
While a handful of advertisers have also extended their pauses to other platforms, including Twitter, the company largely escaped the recent barrage of negative headlines.
“Twitter was sort of on the rise,” said Brendan Gahan, chief social officer at creative agency Mekanism. “They’ve done a good job showing they’re trying to stamp out misinformation. It seems like they were poised to really stand in contrast to Facebook and potentially benefit from it.”
Last week’s hack, Gahan continued, “is going to slow the momentum and goodwill they generated.”
Member ExclusiveMedia Briefing: How publishers’ fourth-quarter ad sales strategies are shaping up
This week’s Media Briefing checks in with publishers to see where things stand with fourth quarter ad sales as the biggest season in the sales cycle approaches.
Fewer stories, told better: News UK is changing how it commissions stories to grow subs
The Times (UK) and The Sunday Times are changing the way they commission stories to grow digital subscriptions.
‘We are the new type of competition’: How Stagwell Group’s CEO Mark Penn is going after the holding companies
Stagwell chairman and CEO, Is focused on growing its roster of SaaS products, and updating its media arm to fold in first-party data generation that’s not cookie-dependent.
SponsoredHow advertisers can tell the difference between banner blindness and ad-aware consumers
Aditya Padhye, general manager, Trestle at eyeo Advertising is part and parcel of daily life –– from billboards in the street to smartphone apps, its presence is unavoidable. While some advertising strikes a chord with people, there are certain ads that have the opposite effect. Increasing internet usage among all demographics, higher demand for sales […]
BFFs once more, advertisers and publishers rediscover their alliance amid tracking turmoil
Direct deals between advertisers and publishers are being pitched harder now as advertisers see publishers as a valuable source of audience data post-third-party cookies.
‘Journalism can only be as good as our newsroom culture’: Vox Media’s new editors-in-chief are redefining the roles
The modern newsroom has more working against it than it did even a couple years ago and the new guard of editors-in-chief are now facing those challenges head on while leading by example.