In light of the recent hacking attacks that have hit news organizations around the world, Twitter has warned news outlets that it expects the attacks to continue.
“There have been several recent incidents of high-profile news and media Twitter handles being compromised. We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers,” said Twitter in a memo obtained by BuzzFeed. “These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts.”
As you may remember, the Associated Press’ Twitter account was hacked last week, and it sent out a false tweet claiming that there had been an explosion at the White House and that President Obama was injured. This tweet, though only visible for minutes before the AP took down the account, sent the stock market into a dive. Earlier this week, The Guardian also fell victim to a hack.
Twitter’s warning to news organizations suggests many of the things you would expect: change your passwords, make them strong, and keep your email accounts secure, since Twitter uses email for verification. Twitter also asks hack victims to contact it immediately so it can start working on the problem as soon as possible.
But there is a pretty strange and severe request from Twitter: make sure you have a single computer that’s just for Twitter. Don’t do anything else on it. What?
“Designate one computer to use for Twitter. This helps keep your Twitter password from being spread around. Don’t use this computer to read email or surf the web, to reduce the chances of malware infection. Minimize the number of people that have access. Even if you use a third-party platform to avoid sharing the actual Twitter account password, each of these people is a possible avenue for phishing or other compromise.”
Interesting. Twitter is obviously taking this very seriously, and thinks you should too. If you operate an account that you think would be a high-value target for hackers, it’s time to raise your level of concern a bit.
Recent reports indicated that Twitter was working on two-step verification (finally) to make it a bit harder for attackers to compromise accounts. Although that wouldn’t totally fix the problem, it would be a start. It’s interesting that although we heard that this two-factor verification is on the horizon, Twitter is suggesting in this letter that organizations seek out help from a third-party two-step verification provider.