Twitter’s major hacking incident last week should serve as a stark reminder for businesses to perform critical health checks of their social media accounts and the people who have access to them, according to social media and security experts.
On Wednesday, around 130 accounts — including those of prominent users such as Elon Musk and Joe Biden as well as Uber and Apple’s official accounts — were compromised by scammers who used many of them to send tweets encouraging users to direct money to a cryptocurrency account.
Twitter said it is still investigating the incident, which it believes occurred after “a coordinated social engineering attack” was waged on some of its employees in order to gain access to its internal administrator tools. It’s unclear whether the hackers also accessed affected users’ private messages. The FBI has also launched an investigation into the hack.
While the nature of this hack suggests there was little account holders themselves could have done to prevent themselves from falling victim to this particular hack, there are several security measures any company that manages social media accounts should take regularly to avoid other potential risks.
On the day following the hack, one large advertising company sent around internal communications emphasizing the importance of password security and reminding employees to ensure that people who no longer require access to advertising management accounts are removed from those systems. Similarly, employees were reminded that only people with a certain level of seniority and sign off should have the ability to be administrators, according to an executive at that agency who declined to be named.
On Twitter specifically, account holders can review the number of active “sessions” and opt to log out other users and devices within their account settings.
Often in the advertising and media industries, mid-level employees can have access to powerful tools — from CMS access, to customer-relationship management software and client social media accounts.
“It might be useful to think about background checks before you give them the keys,” said Helga Turku, data protection and privacy director at data protection consultancy HewardMills. Twitter knows all too well the importance of properly vetting employees: Two former Twitter employees were charged with spying on user accounts on behalf of the Saudi Arabian government last year.
Twitter’s security incident emphasizes that companies need to create a culture of privacy, where it become ingrained into how employees think about everyday tasks, Turku said.
“Not just yearly training … a checkbox and it’s over — it has to be something meaningful because these data breaches have a significant impact on the economy, security … [and] our democratic values,” Turku added.
Potential security risks can be heightened by the current work from home environment, particularly as staffers are likely to be using less secure networks and may be working on personal devices, said Jimmy Jones, telecom business development lead at security solutions company Positive Technologies.
“All security audits are worthwhile because there are a lot of times, when people start doing it, you realize the amount of access you’re providing people is huge — especially when working from home,” Jones added.
For Twitter — a platform where one tweet can spark an international political firestorm or send the stock market crashing — the potential implications of the hack are severe, particularly in a U.S. election year. Users could flee the platform if they feel their data and private messages are not correctly safeguarded. There’s also the potential for federal punishment. In 2010, Twitter settled charges with the Federal Trade Commission over failing to protect users’ personal information. Under the terms of that settlement, Twitter was barred for 20 years “from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information.”
A Twitter spokesperson directed Digiday to the ongoing updates on the investigation posted by the @TwitterSupport account but had no further comment.
The hacking incident occurred amid a period of scrutiny for technology platforms. TikTok has become the latest political hot potato. U.S. Secretary of State Mike Pompeo indicated earlier this month that the Trump administration was considering banning the app due to national security concerns related to its Chinese ownership. The app has already been banned in India. Meanwhile, hundreds of advertisers are currently boycotting Facebook to protest the way it handles hate speech and misinformation.
While a handful of advertisers have also extended their pauses to other platforms, including Twitter, the company largely escaped the recent barrage of negative headlines.
“Twitter was sort of on the rise,” said Brendan Gahan, chief social officer at creative agency Mekanism. “They’ve done a good job showing they’re trying to stamp out misinformation. It seems like they were poised to really stand in contrast to Facebook and potentially benefit from it.”
Last week’s hack, Gahan continued, “is going to slow the momentum and goodwill they generated.”
How publishers are future proofing their commerce offerings for post-pandemic consumers
Four publishers gathered at Digiday Media's Commerce for Publishers Forum to talk about their affiliate programs and strategies.
Member ExclusiveMedia Briefing: Publishers and media unions are still haggling over office-return plans heading into the summer
In this week's Media Briefing, senior media reporter Sara Guaglione reports on how unions at some major media companies are pushing back against publishers' return to office mandates, with The New York Times Guild seemingly netting a victory on Wednesday.
‘He thought I was accusing him of being racist’: Confessions of a comms pro on working with out of touch leadership
The [CEO] and one of the other co-founders felt the need to point out that they mentor black people and donate to black-focused charities. 'It wasn't about them, but they were making it about them.'
SponsoredHow marketers and retailers are unlocking the true value of retail media
Ben Kneen, senior director of product management, Xandr It’s a challenging time for retailers in the advertising industry. As they cope with supply chain woes and inflation-related pressures, they seek high-margin revenue streams amid evolving privacy regulations and massive shifts in identity solutions — including IDFA, the deprecation of third-party cookies and more. In light […]
As economic uncertainty grows, senior media buyers expect decent upfront pricing options across linear and digital
TV sellers face a steeper uphill climb to sell billions of ad time in advance, as market indicators look increasingly gloomy. But that's not stopping one seller from seeking aggressive pricing and volume gains.
Inside Hearst UK’s multi-pronged approach to third-party cookie replacements
Hearst UK's Ryan Buckley and Faye Turner are testing everything from 50,000-person panels to clean rooms.