SocialSocial MediaHow to Protect Your Twitter Account From Hackers

How to Protect Your Twitter Account From Hackers

Breaches affecting Associated Press, Onion, and Sex and the City author show need for extra security measures on firms' social sites.

The use of social networking accounts by businesses for public relations and publicity is creating a fresh set of security headaches for users and service operators.

Recently, a spate of high-profile account Twitter hacks has put a focus on social networking security. News sites such as the Associated Press and The Onion have fallen prey to account thefts from phishing operations, while writer Candace Bushnell had her account breached by Guccifer, the same hacker who famously breached the account of former President George W Bush. In the case of Bushnell, the attack also led to a costly data breach as the first 50 pages of the Sex and the City author’s new novel were leaked.

While Twitter is putting protection in place for individual users by adding measures such as two-factor authentication, such security precautions are less impractical for corporate publicity accounts where multiple people share access to an account and require access independently.

The unique challenges posed by company accounts and the outbreak of attacks exploiting them is causing security experts to suggest a new approach to managing and securing accounts. Scott Behrens, senior security consultant with Neohapsis, told ClickZ’s sister publication, V3, that in order to secure accounts where one person alone can’t be responsible for access, measures have to be taken to mitigate risk.

Behrens said that companies operating Twitter accounts designed to interact with the public should minimize the potential for a breach by keeping access to such accounts limited and by following best practices with passwords.

“They can keep the number of people who know the shared password and accounts to the bare minimum, don’t involve people who post once a year. Figure out who the people are who are involved in the task and enable them,” Behrens said.

In addition, Behrens noted that accounts that manage secured content, as in the case of Bushnell, should encrypt files before uploading to sharing sites and transmit keys to recipients via a secure medium such as a phone call.

For many firms, however, even the basic security practices are falling on deaf ears. Behrens noted that the Bush and Bushnell attacks were likely performed by guessing recovery answers and passwords with publicly available information, while the AP and Onion attacks were apparently the result of a phishing operation. In such cases, even limiting the access of multiple users would be futile as the attacker would still be able to take over an account.

Behrens added: “The battle cry to create strong passwords is still as relevant today as it was 10 years ago. The thing that is striking is still today phishing and guessing are attacks that succeed, some of the things we have been seeing for years still hold true.”

Over the long haul, the service providers themselves may need to put business-specific protections in place. Behrens suggests that companies such as Twitter could help to better protect corporate and publicity-oriented accounts by allowing varying levels of access and permissions.

In such a scenario, an administrator would be allowed to set up an account and set an email address for password recovery and reset. Such permissions would be limited to that administrator and other users would not have edit permissions. Lower-level users could then be added to an account and have permissions such as posting content or re-tweeting but would not be able to make the changes that would allow an attacker or malicious insider to hijack an account and prevent password recovery.

“Along with two-factor authentication social media sites should incorporate this notion of multiple levels of user access. That type of function would serve a lot of social media and broadcast sites well,” Behrens said.

This article was originally published on V3.

Related Articles

Seeing the trees for the forest with paid social

Social & Community Seeing the trees for the forest with paid social

4w Mike O'Brien
Twitter introduces pre-roll ads for Periscope

Social Media Twitter introduces pre-roll ads for Periscope

8m Al Roberts
Seven B2B marketers rocking it on social media

Social Seven B2B marketers rocking it on social media

9m Bob Cargill
The ONLY lesson from every social media brand fail example ever

Insights The ONLY lesson from every social media brand fail example ever

10m Danny Goodwin
5 Really Good Reasons to Use Twitter Ads

Social 5 Really Good Reasons to Use Twitter Ads

11m Larry Kim
Five ways President Trump takes advantage of social media

Content Marketing Five ways President Trump takes advantage of social media

9m Bob Cargill
Is Twitter slowly dying?

More News Is Twitter slowly dying?

9m Al Roberts
The social media marketing checklist your business needs for 2017

Social The social media marketing checklist your business needs for 2017

10m Tereza Litsa