Home  › Social › Social Media
New Twitter logo

How to Protect Your Twitter Account From Hackers

  |  May 13, 2013   |  Comments

Breaches affecting Associated Press, Onion, and Sex and the City author show need for extra security measures on firms' social sites.

The use of social networking accounts by businesses for public relations and publicity is creating a fresh set of security headaches for users and service operators.

Recently, a spate of high-profile account Twitter hacks has put a focus on social networking security. News sites such as the Associated Press and The Onion have fallen prey to account thefts from phishing operations, while writer Candace Bushnell had her account breached by Guccifer, the same hacker who famously breached the account of former President George W Bush. In the case of Bushnell, the attack also led to a costly data breach as the first 50 pages of the Sex and the City author's new novel were leaked.

While Twitter is putting protection in place for individual users by adding measures such as two-factor authentication, such security precautions are less impractical for corporate publicity accounts where multiple people share access to an account and require access independently.

The unique challenges posed by company accounts and the outbreak of attacks exploiting them is causing security experts to suggest a new approach to managing and securing accounts. Scott Behrens, senior security consultant with Neohapsis, told ClickZ's sister publication, V3, that in order to secure accounts where one person alone can't be responsible for access, measures have to be taken to mitigate risk.

Behrens said that companies operating Twitter accounts designed to interact with the public should minimize the potential for a breach by keeping access to such accounts limited and by following best practices with passwords.

"They can keep the number of people who know the shared password and accounts to the bare minimum, don't involve people who post once a year. Figure out who the people are who are involved in the task and enable them," Behrens said.

In addition, Behrens noted that accounts that manage secured content, as in the case of Bushnell, should encrypt files before uploading to sharing sites and transmit keys to recipients via a secure medium such as a phone call.

For many firms, however, even the basic security practices are falling on deaf ears. Behrens noted that the Bush and Bushnell attacks were likely performed by guessing recovery answers and passwords with publicly available information, while the AP and Onion attacks were apparently the result of a phishing operation. In such cases, even limiting the access of multiple users would be futile as the attacker would still be able to take over an account.

Behrens added: "The battle cry to create strong passwords is still as relevant today as it was 10 years ago. The thing that is striking is still today phishing and guessing are attacks that succeed, some of the things we have been seeing for years still hold true."

Over the long haul, the service providers themselves may need to put business-specific protections in place. Behrens suggests that companies such as Twitter could help to better protect corporate and publicity-oriented accounts by allowing varying levels of access and permissions.

In such a scenario, an administrator would be allowed to set up an account and set an email address for password recovery and reset. Such permissions would be limited to that administrator and other users would not have edit permissions. Lower-level users could then be added to an account and have permissions such as posting content or re-tweeting but would not be able to make the changes that would allow an attacker or malicious insider to hijack an account and prevent password recovery.

"Along with two-factor authentication social media sites should incorporate this notion of multiple levels of user access. That type of function would serve a lot of social media and broadcast sites well," Behrens said.

This article was originally published on V3.

Tags:

ClickZ Live San Francisco This Year's Premier Digital Marketing Event is #CZLSF
ClickZ Live San Francisco (Aug 11-14) brings together the industry's leading practitioners and marketing strategists to deliver 4 days of educational sessions and training workshops. From Data-Driven Marketing to Social, Mobile, Display, Search and Email, this year's comprehensive agenda will help you maximize your marketing efforts and ROI. Register today!

ABOUT THE AUTHOR

Shaun Nichols

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Social newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

Featured White Papers

BigDoor: The Marketers Guide to Customer Loyalty

The Marketer's Guide to Customer Loyalty
Customer loyalty is imperative to success, but fostering and maintaining loyalty takes a lot of work. This guide is here to help marketers build, execute, and maintain a successful loyalty initiative.

Marin Software: The Multiplier Effect of Integrating Search & Social Advertising

The Multiplier Effect of Integrating Search & Social Advertising
Latest research reveals 68% higher revenue per conversion for marketers who integrate their search & social advertising. In addition to the research results, this whitepaper also outlines 5 strategies and 15 tactics you can use to better integrate your search and social campaigns.

WEBINARS

    Information currently unavailable

Jobs

    • Interactive Product Manager
      Interactive Product Manager (Western Governors University) - Salt Lake CityWestern Governors University, one of the 20 largest universities...
    • SEO Senior Analyst
      SEO Senior Analyst (University of Phoenix (Apollo Education Group)) - San FranciscoSEO Senior Analyst   Position Summary...
    • SEM & Biddable Media Manager
      SEM & Biddable Media Manager (Kepler Group LLC) - New YorkAs an Optimization & Innovation Manager at Kepler Group, you will be on the bleeding...