Social media was aflutter on Wednesday with news that Twitter had been hacked. As yet unidentified, those responsible used the accounts of political figures, businessmen, and celebrities to post bogus tweets encouraging their followers to send funds to an anonymous Bitcoin account.
In most cases, Twitter’s integrity team locked down the accounts concerned within minutes of the breach and deleted the tweets in question. But despite this swift action, the breach has raised valid concerns about how safe social media platforms like Twitter are.
‘It could have been worse’
“This was the biggest security breach in Twitter’s history,” says Mikko Hyppönen, cybersecurity expert and chief research officer at F-Secure. “But ordinary users were not affected by it at all – unless they fell for the scams posted by the hacked celebrities.”
In a series of tweets, Twitter admitted that some of its employees had been targeted in order to gain access to internal systems and tools to carry out the heist.
So, should we be concerned?
As Hyppönen notes, ordinary users were not the direct target of this particular hack. That said, they were in some ways collateral damage and there is an argument to be made that any future breach could have an indirect impact on anyone with an account, influencing how they vote, for instance.
“In the end, this could have been much worse,” he said.
“And the attack could have done far worse things than try to scam Bitcoins out of people; the attackers had access to everything. They could have done anything on Twitter,” Hyppönen told Euronews.
“They could have started tweeting weird things in the names of the US presidential candidates during the voting this November, for example.”
Can anything be done to secure accounts?
There is no succour for those particularly anxious about the security on the social media platform. Hyppönen, who has helped Twitter in the past as a consultant after uncovering security vulnerabilities in their systems, says there was little to be done to combat this particularly sophisticated hack.
“The way this hack was done also means that there’s nothing any users could have done to prevent it from happening,” he said.
Of course, the usual preventative measures to secure your account against potential intruders are still the best way to protect against hacking, he advises.
“Regardless, it’s always a good idea to lock down our accounts: use strong, unique passwords via a password manager; enable two-factor authentication; use a unique email address for important accounts.
“And remember to monitor your account for weird activity. You should especially pay attention if you get an email about unusual access, attempts to change your email address or disable two-factor authentication, or just if you see repeated failed logins.”
While only influential, high-profile users were hacked in this instance, the damage to the company’s credibility may already have been done – but the wound doesn’t have to prove fatal.
“For Twitter to regain confidence, they first have to figure out exactly what happened and be as open about their investigation as possible,” says Hyppönen.
“Once they know how this happened, they can document how they are going to fix it. If they do this right, I think they are able to maintain confidence both with their users and their investors.”
Drawing on more than 30 years of experience, Hyppönen doesn’t believe the hacking was a smokescreen for anything more insidious.
“We don’t know who’s behind this, but I think it’s more along the lines of a juvenile gang than a foreign nation-state,” he told Euronews.