Yesterday the whole world was alerted to several very high-profile Twitter accounts posting that they wanted to give back to the community. This included accounts owned by Bill Gates, Elon Musk, Barack Obama, and many others. Here is an example of one of these tweets:
These posts spread like wildfire on Twitter and other social media, as each of these accounts has followers in the millions. But something was odd about these posts. First, all of them were identical. Second, the owners of these accounts claimed they never posted these tweets. Were their accounts hacked? Was Twitter itself hacked? Was this an inside job? Needless to say, this caused a lot of confusion.
The Twitter Security team was engaged quickly on this issue, as they needed to find the root cause, and fast. They quickly disabled many of these accounts to limit the damage as they tried to get to the bottom of the situation. About 5 hours into the incident, they posted that they had found the root cause:
They then went on to point out the steps they were taking to limit the damage and essentially outlined the cleanup work they needed to complete to prevent this from happening in the future. Unfortunately, however, the damage was done. In all, the attackers were able to make off with over $118,000 in just under 3 hours. But worse, this damages Twitter's reputation as a reliable and secure company. A lot of people use Twitter as a tool to communicate with followers, fans, and business contacts.
This incident reminds me of 3 key things to keep in mind:
- Account security is vital for your company. Attackers have more easy-to-use tooling at their fingertips that is designed to do nothing but steal your employee accounts, and they are constantly scanning the internet looking for vulnerable accounts that use well-known or compromised passwords. Don’t think your company is safe from this either; they target indiscriminately.
- Limit what your employees can access. It's best practice that each employee, including yourself, only have access to what they absolutely need in order to do their job function. This way, if an account is compromised, the damage is limited to just what that employee can access.
- Backups are vital. When accounts are stolen, it's always good to have a backup of files, as attackers can infect files to regain access to your business.
If you are concerned about the security of your business, give us a call. We are happy to offer you a free, no obligation, technology audit of your business so you know exactly where you stand.