Twitter warns media outlets of hacking threat

Graham Cluley

Clearly stirred into action by a spate of high-profile hacks against accounts on its network, Twitter has taken the unusual step of reaching out to news and media organisations to warn them about the current attacks, and to ask them to take defensive measures.

An email seen by BuzzFeed warns that Twitter believes that the attacks will continue:

Please help us keep your accounts secure. There have been several recent incidents of high-profile news and media Twitter handles being compromised. We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.

What to be aware of:
These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts.

Take these steps right now:

Change your Twitter account passwords. Never send passwords via e-mail, even internally. Ensure that passwords are strong - at least 20 characters long. Use either randomly-generated passwords (like "LauH6maicaza1Neez3zi") or a random string of words (like "hewn cloths titles yachts refine").

Keep your email accounts secure. Twitter uses email for password resets and official communication. If your email provider supports two-factor authentication, enable it. Change your e-mail passwords, and use a password different from your Twitter account password.

Review your authorized applications. Log in to Twitter and review the applications authorized to access your accounts. If you don't recognize any of the applications, contact us immediately by emailing ______@twitter.com.

The memo from Twitter goes on to ask media organisations to provide the social network with an updated list of accounts being used, so that they can proactively monitor them, and calls upon firms to email a specific address with the subject line “Hacking” if they believe that their accounts have been compromised.

Clearly Twitter is keen to clear up any hack by the likes of the Syrian Electronic Army (who in recent weeks have broken into accounts belonging to the likes of The Guardian, Associated Press, CBS, FIFA and the BBC) before too much damage is done.

These recent hacks will be encouraging Twitter to introduce two-factor authentication all the quicker – but how successful that technology will be at keeping out hackers, and how widely it will be adopted by brands who may have many staff in many territories sharing the same Twitter account, remains to be seen.

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.