Twitter warns media outlets of hacking threat

Twitter logoClearly stirred into action by a spate of high profile hacks against accounts on its network, Twitter has taken the unusual step of reaching out to news and media organisations to warn them about the current attacks, and to take defensive measures.

An email seen by BuzzFeed warns that Twitter believes that the attacks will continue:

Please help us keep your accounts secure. There have been severalrecent incidents of high-profile news and media Twitter handles being compromised. We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.

What to be aware of:
These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts.

Sign up to our free newsletter.
Security news, advice, and tips.

Take these steps right now:

Change your Twitter account passwords. Never send passwords via e-mail, even internally. Ensure that passwords are strong- at least 20 characters long. Use either randomly-generated passwords (like "LauH6maicaza1Neez3zi") or a random string of words (like "hewn cloths titles yachts refine").

Keep your email accounts secure. Twitter uses email for password resets and official communication. If your email provider supports two-factor authentication, enable it. Change your e-mail passwords, and use a password different from your Twitter account password.

Review your authorized applications. Log in to Twitter and review the applications authorized to access your accounts. If you don't recognize any of the applications, contact us immediately by emailing [email protected].

The memo from Twitter goes on to ask media organisations to provide the social network with an updated list of accounts being used, so that they can proactively monitor them, and calls upon firms to email a specific address with the subject line "Hacking" if they believe that their accounts have been compromised.

Clearly Twitter is keen to clear up any hack by the likes of the Syrian Electronic Army (who in recent weeks have broken into accounts belonging to the likes of The Guardian, Associated Press, CBS, FIFA and the BBC) before too much damage is done.

These recent hacks will be encouraging Twitter to introduce two factor authentication all the quicker - but how successful that technology will be at keeping out hackers, and how widely it will be adopted by brands who may have many staff in many territories sharing the same Twitter account, remains to be seen.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.