Who’s accessing your social accounts?

Posted by Matt Prentis on March 16, 2017

This week several Twitter accounts were compromised, and the perpetrators sent racially charged tweets from each account, including Nazi-related content and swastikas.

Some of these accounts were very prominent and included the likes of Forbes, Amnesty International, and even tennis star Boris Becker. Such events are not new and unfortunately occur more often than anyone would like. But this week’s incident represents a different attack vector – none of these accounts were actually hacked.

Instead, each of these accounts used a service called TwitterCounter, which provides analytics about followers. It was the TwitterCounter service that was hacked.

We all use a variety of apps, services, etc. that integrate with our various social accounts, providing add-on functionality, analytics, or other valuable services.  Think about it – how many times have you been prompted on your phone by a new app with a message such as “Do you authorize ____ to access your Twitter account?”

And while none of these services are (or should be) storing our social media account passwords, in most cases they are authorized to read our feeds and to post content through our accounts (or even to make updates to the account itself). It is through this authorization that the perpetrators, by hacking TwitterCounter (which is ‘down for maintenance’ at the time of this article), gained the ability to send out their inflammatory tweets.

It goes without saying that each of us needs to be careful about the apps and services we grant permission to access one or more of our social media accounts. But this alone is not enough.

TwitterCounter is not a rogue or malicious platform – it is well-established, provides a valuable service, and is trusted by some of the world’s largest brands (as evidenced by the list of impacted accounts). So how can you safeguard yourself (pun intended) from these types of threats?

You need to have a service in place that can detect and mitigate malicious or fraudulent activity. This can include tweets such as those involved in this week’s incident, but can also extend to changes to the account itself (e.g. defacing your account photo, changing the name, etc.).

This level of protection is a necessity today, not just in the face of direct hacking threats to your social media accounts, but also to protect against the risks posed by third-party services that have access to your accounts. These and other protections are what we provide to our customers, and could have helped the organizations and individuals impacted by this week’s unfortunate events. You may not always know who (or what) is accessing your accounts, but that’s where Social SafeGuard provides peace of mind.
