
Twitter warns media companies: Watch out for hackers

Last month, the BBC found a number of its official Twitter accounts hacked following a successful attempt to phish log-in information and passwords from their owners via a series of emails to staff. Since then, both the Associated Press and the British newspaper the Guardian have found official Twitter feeds hijacked by hackers, with the @AP account managing to cause mild panic on Wall Street with a tweet announcing an attack on President Obama in the White House.

In response to these attacks, Twitter has released a memo to news organizations offering advice on how to keep control of their accounts, as well as suggestions of what to look for from those trying to take that away from them. “There have been several recent incidents of high-profile news and media Twitter handles being compromised,” the memo notes. “These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts.”

Amongst the guidelines suggested by Twitter:

  • Change Twitter passwords immediately. Passwords should be, it’s suggested, “at least 20 characters long” and “either randomly-generated passwords (like ‘LauH6maicaza1Neez3zi’) or a random string of words (like ‘hewn cloths titles yachts refine’).” “Never send passwords via e-mail, even internally,” the memo warns. Passwords, it goes on to suggest, should be changed on a regular basis to confound potential hackers.
  • Keep email secure. “If your email provider supports two-factor authentication,” the memo says, “enable it.” Later, the memo suggests that the security team be brought in to make sure that email is “as safe as possible,” even if that means bringing in third-party security providers.
  • Rework Twitter process within companies. “Minimize the number of people that have access,” the memo suggests. “Even if you use a third-party platform to avoid sharing the actual Twitter account password, each of these people is a possible avenue for phishing or other compromise.” Additionally, consider only using one designated computer per Twitter account – something that seems somewhat at odds with the mobility and speed of the platform in general.

In the unfortunate instance that you discover that your account has been hacked, the memo reports, the first thing that should be done is to contact Twitter with the word “Hacking” in the email subject line and copies of any emails suspected as phishing efforts.

The memo points to how seriously Twitter is taking the recent hacks, and how concerned the company is for the credibility of Twitter as an information medium in future. “We believe that these attacks will continue,” the memo warns, “and that news and media organizations will continue to be high value targets to hackers.” So who will be next?
