{"id":4998,"date":"2020-07-16T15:13:22","date_gmt":"2020-07-16T19:13:22","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4998"},"modified":"2020-10-22T12:32:10","modified_gmt":"2020-10-22T16:32:10","slug":"what-to-know-about-the-high-profile-twitter-attack","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/","title":{"rendered":"What to Know about the High-Profile Twitter Attack"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4537\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\" alt=\"What to Know about the High-Profile Twitter Attack\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What do you need to know about the high-profile Twitter attack?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Twitter, the global social media platform, suffered one of the most widespread and devastating attacks in its history. 
Unfortunately, the full extent of the attack is still under investigation. However, we do know enough to explore what happened and discuss <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">potential ways to protect your own business<\/a>. You can also check out our <a href=\"https:\/\/www.youtube.com\/watch?v=6ZNmNDKXYps\" target=\"_blank\" rel=\"noopener noreferrer\">Breach of the Month<\/a> video.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The High-Profile Twitter Attack targeted some of the most famous users on the platform, including Barack Obama, Joe Biden, Elon Musk, Michael Bloomberg, and Kim Kardashian. Some businesses, such as Apple, also suffered in the attack. Compromised accounts began promoting a link to a bitcoin scam, which the accounts continually reposted (often faster than they could be deleted). The attack proved effective enough that Twitter took the unprecedented step of blocking all tweets from all verified users.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Most verified users can now post again, although Twitter did state that they might reinforce the mass ban if they believe it necessary.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">How did this high-profile Twitter attack happen? The exact details remain unclear. However, it appears that Twitter HQ suffered from a coordinated social engineering attack. Additionally, it seems that a particular internal tool allowing Twitter to access and post from individual accounts fell into the wrong hands. 
In fact, photos of said tool appeared on multiple Twitter accounts, with Twitter deleting the photos and sometimes deleting accounts that reposted them.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The attack raises multiple questions. One concerns privacy; why does Twitter have the power to post from any verified user\u2019s accounts? How does the company use this power? Does it tie into data collection, and if so, how?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Another concerns social engineering attacks and <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">authentication<\/a> at the corporate level. Hackers should not have had such an easy time conducting their attack; most experts consider it lucky that the hackers lacked the imagination to do substantial damage through their malicious access. Twitter should have implemented multiple authentication factors for this kind of privilege.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We turn to the experts to learn more.<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>What Experts Say About the High-Profile Twitter Attack<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>Logan Kipp<\/b><\/h3>\n<p style=\"text-align: justify\"><em><span style=\"font-weight: 400\">Logan Kipp is the Director at website cybersecurity firm <\/span><a href=\"https:\/\/www.sitelock.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">SiteLock<\/span><\/a><span style=\"font-weight: 400\">.\u00a0<\/span><\/em><\/p>\n<p style=\"text-align: justify\">&#8220;With any compromise, the targeted business jeopardizes losing user trust. 
The recent Twitter compromise is a prime example of how proactive employee training can be one of the best defenses from malicious actors. Cybercriminals were able to access the high-profile accounts by tricking employees via a \u201ccoordinated social engineering attack\u201d into giving up their credentials. Twitter, and any business with troves of data, passwords, etc., need to make security awareness training a top priority to better protect its people and users&#8217; data against cyberattacks. Training staff on being an effective human firewall is more critical than it has ever been. Employees are often the first line of defense and if they don\u2019t know how to spot common attack methods like spear phishing, smishing, and whaling, cybercriminals will be quick to take advantage.&#8221;<\/p>\n<h3 style=\"text-align: justify\"><b>Ed Bishop<\/b><\/h3>\n<p style=\"text-align: justify\"><em><span style=\"font-weight: 400\">Ed Bishop is CTO at <\/span><a href=\"https:\/\/www.tessian.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">Tessian<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/em><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;Although this incident started with a social engineering attack, this is just the beginning. Once someone&#8217;s account has been compromised, an attacker will often launch a horizontal attack within the organization to compromise more internal accounts, until they reach the account with the permissions they need. The attacker must have either known Twitter&#8217;s systems or spent time poking around, to learn how to backdoor into people&#8217;s accounts and tweet on their behalf.&#8221;\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;Twitter&#8217;s description of the attack highlights the need to protect people within an organization at all costs. 
Social engineering attacks \u2014 often a spear-phishing email that impersonates a trusted party \u2014 are designed to trick or persuade an employee to visit a fraudulent website that then steals credentials or installs malware. This incident also shows the importance of limiting permissions for administrators.&#8221;\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thanks to the experts for their time and expertise. For more, check out the <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">Identity Management Buyer\u2019s Guide<\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What do you need to know about the high-profile Twitter attack?\u00a0 Twitter, the global social media platform, suffered one of the most widespread and devastating attacks in its history. Unfortunately, the full extent of the attack is still under investigation. 
However, we do know enough to explore what happened and discuss potential ways to protect [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4537,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,125,16,112,1509,1204,76,425,30,1511,1510,9],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What to Know about the High-Profile Twitter Attack<\/title>\n<meta name=\"description\" content=\"What do you need to know about the high-profile Twitter attack?\u00a0We spoke to experts and look at the dangers of spearphishing and poor authentication.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/\",\"name\":\"What to Know about the High-Profile Twitter Attack\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"datePublished\":\"2020-07-16T19:13:22+00:00\",\"dateModified\":\"2020-10-22T16:32:10+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"What do you need to know about the high-profile Twitter attack?\u00a0We spoke to experts and look at the dangers of spearphishing and poor 
authentication.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"width\":800,\"height\":400,\"caption\":\"Morgan Stanley Suffers Data Breach Due to Third-Party Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What to Know about the High-Profile Twitter Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What to Know about the High-Profile Twitter Attack","description":"What do you need to know about the high-profile Twitter attack?\u00a0We spoke to experts and look at the dangers of spearphishing and poor authentication.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/","url":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/","name":"What to Know about the High-Profile Twitter Attack","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","datePublished":"2020-07-16T19:13:22+00:00","dateModified":"2020-10-22T16:32:10+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"What do you need to know about the high-profile Twitter attack?\u00a0We spoke to experts and look at the dangers of spearphishing and poor 
authentication.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","width":800,"height":400,"caption":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/what-to-know-about-the-high-profile-twitter-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"What to Know about the High-Profile Twitter Attack"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4998"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4998"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4998\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4537"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}