
Twitter's changes since the June attack include requiring security keys

Added 09-25-20 02:09:01am EST - “Back in July, Twitter became the target of cyberattackers that hijacked high-profile accounts to run a bitcoin scam. Now, the company has published a post detailing how it's keeping Twitter secure and making sure that incident won't…” - Engadget.com


Posted By TheNewsCommenter: From Engadget.com: “Twitter's changes since the June attack include requiring security keys”. Below is an excerpt from the article.

Back in July, Twitter became the target of cyberattackers that hijacked high-profile accounts to run a bitcoin scam. Now, the company has published a post detailing how it’s keeping Twitter secure and making sure that incident won’t happen again, especially since it’s election season in the US. For starters, it has been strengthening the rigorous checks team members with access to customer data must undergo.

As the company explains, some of its teams need access to user data to keep Twitter running. While it usually only grants them access for valid reasons, such as to help users who’ve been locked out of their accounts, it’s had to tighten its measures even further. In its first statement issued after the July attack, Twitter said the infiltrators staged a coordinated social engineering attack targeting employees with access to internal systems and tools. (A Wired report reveals what happened behind the scenes after the attack, such as the company having employees change passwords in front of their managers and having to prove they are who they say they are.)

As an additional measure, Twitter started distributing phishing-resistant security keys to its employees and requiring its teams around the world to use them. Google implemented the measure in 2017 to great success: A year after making it mandatory for employees to use physical security keys for two-factor authentication, the tech giant announced that it has “no reported or confirmed account takeovers” anymore.

Twitter required all new employees to go through security, privacy and data protection trainings, as well. Those who have access to non-public data had to attend additional mandatory training sessions on how they can avoid becoming phishing targets for attackers. The company also said that it’s been constantly improving its internal detection and monitoring tools that alert the company of possible unauthorized access attempts.

As for its election-specific efforts, Twitter said it recently implemented heightened security measures for election-related Twitter accounts in the US. A few days ago, it started sending them in-app notifications on new security requirements going forward, such as enabling password reset protection for accounts by default. It also conducted additional penetration testing and scenario planning over the past months. From March 1st to August 1st, for instance, its cross-functional elections team performed exercises on how to deal with hacks, leaks of stolen materials, foreign interference and coordinated online voter suppression campaigns, among other scenarios.
