clock menu more-arrow no yes mobile

Filed under:

Twitter warns news outlets of ongoing hacking threats, suggests more stringent security

New, 31 comments
twitter stock
twitter stock

Several high-profile Twitter accounts have fallen victim to hacking attacks lately, and in response to the situation Twitter has issued a memo to media and news organizations suggesting steps they can take to protect themselves moving forward. Buzzfeed has posted the memo in its entirety, which asks organizations to help keep their accounts secure as "We believe that these attacks will continue."

According to Twitter, the hacking incidents seem to be the result of phishing attacks targeted at corporate email accounts. Twitter suggests that companies employ a pretty standard set of password security practices in response: changing current passwords, using new ones that are at least 20 characters long and are made up of either randomly-generated characters or random words, and to never email said passwords, even internally (programs like 1Password are mentioned as good solutions to ensure password security).

One suggestion is a computer devoted solely to Twitter

Given that email accounts are used to reset passwords, Twitter also suggests users change those passwords and implement two-factor authentication on their email accounts if available (Twitter is working on its own two-factor authentication service). Checking which applications are authorized to use a given Twitter account is the next step, to see if any nefarious users have authorized an application under a user's nose. Twitter also provides a specific email address companies can reach out to if they believe their account has been compromised. For maximum security, the company even recommends that Twitter access for corporate accounts be locked down to one single computer that isn't used to access email or surf the web, in order to minimize any malware risk.

While many of the practices here are common sense for security-focused individuals, the fact that Twitter needed to send out such a memo in the first place speaks to how many may not be taking security seriously — to say nothing of the proliferation of these kind of phishing attacks.