ALBANY, N.Y/HONG KONG (AP/NEWS10) — A breach in Twitter’s security that allowed hackers to break into the accounts of leaders and technology moguls is one of the worst attacks in recent years and may shake trust in a platform politicians and CEOs use to communicate with the public, experts said Thursday.
Also on Thursday, New York’s Gov. Andrew Cuomo said he would direct the state’s Department of Financial Services to conduct a full investigation of the hack, highlighting the potential influence of social media on the democratic process.
“The Twitter hack and widespread takeover of verified Twitter accounts is deeply troubling and raises concerns about the cybersecurity of our communications systems, which are critical as we approach the upcoming presidential election,” Cuomo said. “This type of hack by con artists for financial gain can also be a tool of foreign actors and others to spread disinformation and—as we’ve witnessed—disrupt our elections.”
With over 300 million users, Twitter is often a primary news source and prime target for bad actors. In this case, hackers used social engineering to target some of Twitter’s employees and gain access to the high-profile accounts.
Cybersecurity experts say such a breach could have dire consequences since the attackers were tweeting from verified, globally influential accounts with millions of followers.
“If you receive a tweet from a verified account, belonging to a well-known and therefore trusted person, you can no longer assume it’s really from them,” said Michael Gazeley, managing director of cybersecurity firm Network Box.
Reacting to the breach, Twitter swiftly deleted the tweets and locked down the accounts to investigate. In the process it prevented verified users from sending out tweets for several hours.
The company said Thursday it has taken “significant steps to limit access to internal systems and tools.”
Many celebrities, politicians and business leaders often use Twitter as a public platform to make statements. President Donald Trump, for example, regularly uses Twitter to post about national and geopolitical matters, and his account is closely followed by media, analysts, and governments around the world.
“Cyberattacks are a major threat and this incident shows how easily fraudulent and false information can be spread to millions of consumers,” said Linda Lacewell, Superintendent of New York’s Department of Financial Services.
Twitter faces an uphill battle in regaining people’s confidence, Gazeley said. For a start, it needs to figure out exactly how the accounts were hacked and show the vulnerabilities have been fixed, he said.
“If key employees at Twitter were tricked, that’s actually a serious cybersecurity problem in itself,” he said. “How can one of the world’s most-used social media platforms have such weak security, from a human perspective?”
Rachel Tobac, CEO of Socialproof Security, said that the breach appeared to be largely financially motivated. But such an attack could cause more serious consequences.
“Can you imagine if they had taken over a world leader’s account, and tweeted out a threat of violence to another country’s leader?” asked Tobac, a social engineering hacker who specializes in providing training for companies to protect themselves from such breaches.
Social engineering attacks typically target human weaknesses to exploit networks and online platforms. Companies can guard themselves against such attacks by beefing up multi-factor authentication—where users have to present multiple pieces of evidence as authentication before being allowed to log into a system, Tobac said.
Such a process could include having a physical token that an employee must have with them, on top of a password, before they can log into a corporate or other private system. Other methods include installing technical tools to monitor for suspicious insider activities and reducing the number of people who have access to an administrative panel, Tobac said.
Sen. Josh Hawley called on Twitter to cooperate with authorities including the Department of Justice and the FBI to secure the site.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” he said.
He added that millions of users relied on Twitter not just to send tweets but also communicate privately via direct messaging.
“A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security,” said Hawley.
- Rensselaer County seeing highest number of coronavirus cases since pandemic began
- Next generation of philanthropists prepare for Giving Tuesday
- Getting in the holiday spirit at Christmas Land
- Siena basketball legend Tay Fisher helps launch KeyBank Assists initiative
- America’s growing debt crisis sparks concerns for future generations