How Twitter Is Enhancing Security In The Wake Of Bitcoin Phishing Hack
Twitter saw one of its most high-profile security breaches in July, when 130 accounts were hacked and used to solicit involvement with a phishing scam. This was made even more significant by the fact that the attack involved the accounts of Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and many other major public figures.
After the dust settled on the debacle and with a suspected mastermind charged, Twitter on Thursday announced plans for how it will strengthen its security. This will involve new mandatory cybersecurity training courses for employees to prevent hackers from gaining access to sensitive information.
"We introduced two new mandatory training sessions for people who have access to non-public information," the company explained. "These trainings make clear the dos and don'ts when accessing this information and ensure employees understand how to protect themselves when they are online so they can better avoid becoming phishing targets for attackers."
By all accounts, the hackers responsible for the attack were able to pull it off by gaining access to Twitter employee login credentials. The attack is believed to have netted them $121,000 in Bitcoin.
“To further secure our internal tools from potential misuse, we have been strengthening the rigorous checks that team members with access must undergo,” the company explained.
Twitter will also be implementing alerts for its internal systems that will raise alarms for potentially unauthorized actions, similar to the system it currently offers users for their account security. "Phishing-resistant security keys" are now being used by employees when authenticating to systems behind the scenes.
“This will always be ongoing work for us,” Twitter said, “but trust that we are committed to acting in the interest of the people who use our service.”
There may also be concerns about bigger hacks that net hackers a larger profit. Tom Robinson, co-founder of London-based cryptocurrency compliance company Elliptic, told CNBC in July that the $121,000 was a low sum given the magnitude of the hack.
“Given the scale of the compromise I don’t think that’s very much, but what we often see with these type of exploits is that the exploit itself can be very sophisticated but they’re not very good at monetizing it,” Robinson said.
© Copyright IBTimes 2024. All rights reserved.