Twitter was left red-faced last week by an account hijacking incident that compromised nearly 130 accounts, including the Twitter handles of world celebrities, prominent public figures, and Twitter employees. In the investigation conducted after the breach, Twitter found that it was the human factor that enabled the hack in the first place.
The Weak Link
With advanced security measures and tools in place, we often assume that our business perimeter is secure. However, it is usually not the process or the technology that proves to be the weak link; it is the human who is the weakest link in cybersecurity. According to a survey by Black Hat, 91% of social engineering attacks are launched with a phishing email. It says, “A single human mistake can result in an attacker taking over all of the organization’s infrastructure, no matter what hardware, software, or endpoint security implementation has been done from the defensive team,” and this is exactly what led to the Twitter hack.
According to Twitter, the attackers first targeted its employees with a social engineering attack, to which a few of them fell prey. The compromise meant that the attackers now possessed the login credentials of Twitter employees, which were required to gain access to Twitter’s internal systems and tools. The sophistication of the attackers can be gauged from the fact that they even circumvented its two-factor authentication (2FA), which was in place precisely to prevent this kind of security incident. Once in, they specifically targeted 130 Twitter accounts, 45 of which were used to send tweets after the attackers reset their passwords.
Things We Know So Far About the Twitter Hack…
- Attackers used a “social engineering attack” to target Twitter employees.
- Nearly 130 Twitter accounts were hacked once the attackers gained access to Twitter’s internal system and tools using compromised employee credentials.
- They also bypassed the two-factor authentication (2FA) of these accounts.
- Attackers were able to initiate a password reset, log in, and send tweets for 45 accounts.
- Personal information, including email addresses and phone numbers of certain users, may have been viewed by the attackers, along with some additional account details.
- However, the attackers could not view previous account passwords, as these are encrypted and cannot be accessed using the tools used in the attack.
Twitter’s Way Forward
As a remedial measure, Twitter restricted the affected accounts from tweeting or resetting their passwords. With the investigation still ongoing, Twitter has its work cut out for it going forward. Its core objectives for preventing future hacks include:
- Restoring account access for all affected users who may still be locked out because of its remediation measures.
- Continuing the investigation and cooperating with law enforcement authorities in their combined efforts.
- Increasing the security of its systems to prevent a recurrence.
- Providing and implementing company-wide cybersecurity training against social engineering tactics such as phishing emails and SMS messages, and keeping its employees updated on ongoing phishing campaigns throughout the year.