Twitter hack jolts companies into a social media security check
Twitter’s major hacking incident last week should serve as a stark reminder for businesses to perform critical health checks of their social media accounts and the people who have access to them, according to social media and security experts.
On Wednesday, around 130 accounts — including those of prominent users such as Elon Musk and Joe Biden as well as Uber and Apple’s official accounts — were compromised by scammers who used many of them to send tweets encouraging users to direct money to a cryptocurrency account.
Twitter said it is still investigating the incident, which it believes occurred after “a coordinated social engineering attack” was waged on some of its employees in order to gain access to its internal administrator tools. It’s unclear whether the hackers also accessed affected users’ private messages. The FBI has also launched an investigation into the hack.
While the nature of this hack suggests there was little account holders themselves could have done to prevent themselves from falling victim to this particular hack, there are several security measures any company that manages social media accounts should take regularly to avoid other potential risks.
On the day following the hack, one large advertising company sent around internal communications emphasizing the importance of password security and reminding employees to ensure that people who no longer require access to advertising management accounts are removed from those systems. Similarly, employees were reminded that only people with a certain level of seniority and sign off should have the ability to be administrators, according to an executive at that agency who declined to be named.
On Twitter specifically, account holders can review the number of active “sessions” and opt to log out other users and devices within their account settings.
Often in the advertising and media industries, mid-level employees can have access to powerful tools — from CMS access, to customer-relationship management software and client social media accounts.
“It might be useful to think about background checks before you give them the keys,” said Helga Turku, data protection and privacy director at data protection consultancy HewardMills. Twitter knows all too well the importance of properly vetting employees: Two former Twitter employees were charged with spying on user accounts on behalf of the Saudi Arabian government last year.
Twitter’s security incident emphasizes that companies need to create a culture of privacy, where it become ingrained into how employees think about everyday tasks, Turku said.
“Not just yearly training … a checkbox and it’s over — it has to be something meaningful because these data breaches have a significant impact on the economy, security … [and] our democratic values,” Turku added.
Potential security risks can be heightened by the current work from home environment, particularly as staffers are likely to be using less secure networks and may be working on personal devices, said Jimmy Jones, telecom business development lead at security solutions company Positive Technologies.
“All security audits are worthwhile because there are a lot of times, when people start doing it, you realize the amount of access you’re providing people is huge — especially when working from home,” Jones added.
For Twitter — a platform where one tweet can spark an international political firestorm or send the stock market crashing — the potential implications of the hack are severe, particularly in a U.S. election year. Users could flee the platform if they feel their data and private messages are not correctly safeguarded. There’s also the potential for federal punishment. In 2010, Twitter settled charges with the Federal Trade Commission over failing to protect users’ personal information. Under the terms of that settlement, Twitter was barred for 20 years “from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.”
A Twitter spokesperson directed Digiday to the ongoing updates on the investigation posted by the @TwitterSupport account but had no further comment.
The hacking incident occurred amid a period of scrutiny for technology platforms. TikTok has become the latest political hot potato. U.S. Secretary of State Mike Pompeo indicated earlier this month that the Trump administration was considering banning the app due to national security concerns related to its Chinese ownership. The app has already been banned in India. Meanwhile, hundreds of advertisers are currently boycotting Facebook to protest the way it handles hate speech and misinformation.
While a handful of advertisers have also extended their pauses to other platforms, including Twitter, the company largely escaped the recent barrage of negative headlines.
“Twitter was sort of on the rise,” said Brendan Gahan, chief social officer at creative agency Mekanism. “They’ve done a good job showing they’re trying to stamp out misinformation. It seems like they were poised to really stand in contrast to Facebook and potentially benefit from it.”
Last week’s hack, Gahan continued, “is going to slow the momentum and goodwill they generated.”
How The 19th relied on memberships and funding to launch during a pandemic
In order to keep on schedule to launch ahead of the U.S. presidential election, non-profit publisher The 19th had to rely heavily on membership and fundraising to meet its launch goal of $4 million.
‘Let the buyers know you exist’: How Morning Brew plans to grow brand ad dollars from its base of direct response
Direct-response ads accounted for 90% of Morning Brew's 2019 revenue in 2019. Its CEO wants brand advertising to account for 50% by the end of 2021.
‘A significant uptick in deal flow’: Why Europe is becoming a hotbed of ad tech innovation
Ad tech companies with data privacy and identity solutions are in vogue among the sector's investors and acquirers.
SponsoredPublishers: Assessing risk and ensuring payments in times of crisis
As the industry navigates the continued impacts of COVID-19, here’s the questions publishers should ask their programmatic partners or ad management providers to protect themselves from clawbacks and lost revenue.
‘We can be agile and evolve’: News UK is quickly growing a 7-figure incremental revenue stream from social video
The goal for Social Studio is a 10-day turnaround from campaign booking to going live.
Lack of events revenue squeezes B2B media, forcing virtual volume — and innovation
Advertising, subscriptions and commerce have begun to recover. But events have not, and B2B media companies are feeling the squeeze.