You've probably heard about this already, but yesterday the AP's Twitter feed was hacked, and used to send out a bulletin that the White House had been bombed and President Obama injured. Despite AP's quick reaction and suspension of its account, the hacker's message was retweeted thousands of times within the next few minutes to significant effect. There was panicked selling in stock markets, in one highly visible impact. Coming on the heels of last weekend's hacking of multiple CBS News Twitter accounts, it's renewed calls for better login security at Twitter.
The same group is claiming credit for both hacks, although the AP hack message mirrored AP style, while the CBS hack posts were more clearly political. A later AP story indicated that the intrusion was more the result of a phishing expedition aimed at AP corporate accounts. Phishing emails often use real graphics and look-alike account names to trick recipients to going to a faked login page and re-enter login names and passwords. Hackers then use the real account info to gain entry into the service.
Computer security experts are suggesting that Twitter add what's called two-factor authentication, where there is a second step when logins are attempted from a new device. In addition, they're suggesting that Twitter add a function that would allow for corrections to be attached to the original tweet - for now the only option for a hacked account is to suspend the account and create a new password, and hope that word of the false tweet gets the same exposure. While Twitter policy is to not comment on specific accounts or actions, Forbes reports that a scan of recent Twitter job listings suggests they're looking for people with the necessary skills to improve security.
Source - AP Hack Highlights Two Crucial Features Twitter Needs, Forbes
No comments:
Post a Comment