Lately, news about security issues at Twitter has been running rampant. What’s actually going on in the Tweetverse?
The social media platform recently underwent a global service disturbance that prevented users from receiving account verification codes through phone calls or text messages. This means that users who have 2FA enabled are unable to get authenticated on the website.
- Last month, numerous Twitter accounts belonging to high-profile organizations and celebs were hacked using social-engineering techniques. Hackers gained access to email addresses and phone numbers, but no passwords, as per Twitter. The threat actors reportedly tricked a small number of employees into handing over their admin credentials for this attack.
- Reuters reported that according to a couple of former employees, thousands of Twitter contractors and employees had access to internal tools that could alter user settings and hand over control to others.
- The social networking service is also under investigation by the Federal Trade Commission for misusing the personal information of users to serve ads, i.e., for violating user privacy.
Who’s to blame?
- The central problem is that the main threat to Twitter comes from its weakest link, which the perpetrators exploited.
- According to the microblogging platform, it was a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
- As per Mikko Hyppönen, security holes and code can be patched, but human weaknesses are not as predictable as machines.
- With different issues making the headlines almost every single day, it is clear that social media sites are more vulnerable than ever to new and evolving security threats.
The bottom line is that the security implications of hacking Twitter are extensive. Apart from upgrading their TTPs, hackers have also become conniving. Although Twitter has been taking significant steps to alleviate users' security concerns, we can see that these steps are never enough and that the problem requires more attention from the security community.