Twitter must explain how it was hacked — and how it’ll keep that from happening again

These worst-case scenarios point to the risks when public and even government figures carry out essential functions on a single private platform. The mishap should teach elected officials not to rely exclusively on Twitter or Facebook or anything else to communicate with constituents. But it should also teach platforms to adopt smarter cybersecurity practices.

Twitter hasn’t yet provided a full post-mortem, but a blog post from the company combined with reporting from multiple outlets offers a peek: A hacker lurking on a forum generally used for stealing and then selling credentials to accounts with coveted short-character screen names (often an individual letter or number such as @6 or @y) boasted that he had access to Twitter’s internal controls. He gained these through “social engineering” — which could mean phishing of employees or bribery or even an insider-initiated attack. Once he had done so, he could bypass all the safeguards people are always being told are essential to responsible security.

Of course, these safeguards are still essential. But companies such as Twitter must also take steps to ensure the integrity of their platforms, primarily when it comes to administrative tools employees use to touch the most sensitive information. Sites should require more sources of authentication for getting into those systems; a password alone shouldn’t be enough. They should also scale back the number of workers who can use the systems, and institute robust monitoring programs that alert them when something suspicious is happening behind the scenes. And they ought to consider implementing special protection programs for sensitive accounts of the precise type that were compromised last week.
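The three safeguards the editorial asks for (a second authentication factor for internal tools, a short list of staff allowed to use them, and monitoring that alerts on suspicious activity) can be sketched in code. The example below is added here for illustration; it is not Twitter's code and does not describe Twitter's systems. The operator names, the protected-account list, the audit-log format and the alert thresholds are all constructed assumptions.

```python
"""Toy model of admin-tool safeguards: allow-listed operators, a required
second factor, and alert rules run over constructed audit-log lines.
Everything here is hypothetical and constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed allow-list: the few operators permitted to use the admin tool.
ADMIN_OPERATORS = {"ops-alice", "ops-bob"}
# Constructed set of accounts given extra protection (public figures, etc.).
PROTECTED_ACCOUNTS = {"@mayor", "@senator", "@bigbank"}
# Actions on protected accounts that always merit an alert (constructed list).
HIGH_RISK_ACTIONS = {"disable_2fa", "reset_email"}
# Burst rule: this many changes to protected accounts by one operator
# inside the window raises an alert (constructed thresholds).
BURST_THRESHOLD = 3
BURST_WINDOW_SECONDS = 600
# Repeated denials from one operator suggest a stolen or probed session.
DENY_THRESHOLD = 3


@dataclass
class AdminRequest:
    operator: str
    second_factor_ok: bool   # result of a separate MFA check, assumed done upstream
    target: str
    action: str
    ts: int                  # seconds since epoch


def authorize(req: AdminRequest) -> Tuple[bool, str]:
    """Gate an admin-tool request: the operator must be on the allow-list
    AND must have passed a second factor. A password alone never suffices."""
    if req.operator not in ADMIN_OPERATORS:
        return False, "operator not on admin allow-list"
    if not req.second_factor_ok:
        return False, "second factor missing or failed"
    return True, "ok"


def parse_audit_line(line: str) -> Dict[str, object]:
    """Parse one constructed audit line of the form
    'ts=<int> op=<operator> target=<account> action=<action> result=<allow|deny>'."""
    fields: Dict[str, object] = dict(kv.split("=", 1) for kv in line.split())
    fields["ts"] = int(fields["ts"])  # type: ignore[arg-type]
    return fields


def detect_suspicious(lines: List[str]) -> List[str]:
    """Run three alert rules over audit lines, in timestamp order:
    1. a high-risk action on a protected account,
    2. a burst of changes to protected accounts by one operator,
    3. repeated denied requests from one operator."""
    alerts: List[str] = []
    events = sorted((parse_audit_line(l) for l in lines), key=lambda e: e["ts"])
    touches: Dict[str, List[int]] = defaultdict(list)
    denies: Dict[str, int] = defaultdict(int)
    for e in events:
        op, ts = str(e["op"]), int(e["ts"])  # type: ignore[arg-type]
        if e["result"] == "deny":
            denies[op] += 1
            if denies[op] == DENY_THRESHOLD:
                alerts.append(f"repeated denied admin requests from {op}")
            continue
        if e["target"] in PROTECTED_ACCOUNTS:
            if e["action"] in HIGH_RISK_ACTIONS:
                alerts.append(f"{op} ran {e['action']} on protected {e['target']}")
            touches[op].append(ts)
            recent = [t for t in touches[op] if ts - t <= BURST_WINDOW_SECONDS]
            if len(recent) == BURST_THRESHOLD:
                alerts.append(f"burst: {op} changed {len(recent)} protected accounts "
                              f"within {BURST_WINDOW_SECONDS}s")
    return alerts


# Constructed sample audit log (not real data).
SAMPLE_AUDIT_LOG = [
    "ts=1000 op=ops-alice target=@mayor action=view_profile result=allow",
    "ts=1100 op=ops-alice target=@mayor action=reset_email result=allow",
    "ts=1200 op=ops-alice target=@senator action=disable_2fa result=allow",
    "ts=1300 op=ops-alice target=@bigbank action=change_password result=allow",
    "ts=1400 op=contractor-zed target=@mayor action=reset_email result=deny",
    "ts=1410 op=contractor-zed target=@senator action=reset_email result=deny",
    "ts=1420 op=contractor-zed target=@bigbank action=reset_email result=deny",
]

if __name__ == "__main__":
    print(authorize(AdminRequest("ops-alice", True, "@mayor", "view_profile", 1000)))
    print(authorize(AdminRequest("contractor-zed", True, "@mayor", "reset_email", 1400)))
    for alert in detect_suspicious(SAMPLE_AUDIT_LOG):
        print("ALERT:", alert)
```

The authorization gate and the monitoring are deliberately separate: the gate stops requests that fail the allow-list or second-factor check, while the alert rules catch the case the editorial worries about, where a legitimate operator's session is being misused and every request passes the gate. On the constructed log, the rules raise four alerts: two for high-risk actions on protected accounts, one for the burst, and one for the repeated denials.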

The FBI is investigating what happened, and lawmakers have asked for information. Twitter has promised a fuller explanation to the public of what went wrong. It should deliver that — along with an explanation of how it means to ensure things don’t go wrong again.

Source: WP