In July, prominent figures on Twitter such as Joe Biden, Elon Musk, Bill Gates, and others had their Twitter accounts hacked at the same time. All affected accounts tweeted the same message, offering to double bitcoin payments sent to an address at a certain time. The Hill reported that over $100,000 in bitcoin was sent to the address in the hours following the hack.
Shortly after the tweets were sent out, Twitter shut down the accounts of all verified users to prevent additional fraudulent tweets as they tried to uncover how a hack of this proportion happened. Was it a case of poor user security? No, many of these accounts had two-factor authentication enabled. What caused the unprecedented hack?
Twitter employees believe the hackers gained access to an internal software program used by Twitter to manage high-profile accounts. This software allows some employees to view account information and change the email address associated with the account. While Twitter has not provided an official statement on how hackers gained access to the accounts, many believe that an employee with access to this software was hacked. From there, the hackers were able to use the software to change the email addresses on the hacked accounts to their own email address and reset passwords while disabling two-factor authentication.
The hackers made approximately $100,000 in bitcoin from the hack as unsuspecting users sent bitcoin in hopes of getting their money doubled. Instead, they lost all the money they sent. Twitter now says 36 of the 130 accounts hacked had their direct messages exposed to the hackers. The hack is being investigated by the FBI.
A refresh on social media security
Major cybersecurity incidents like July’s Twitter hack always serve as a reminder to review best practices for social media security. While it is unlikely that your social media profile would get swept up in a high-level hack like this, many accounts are hacked daily with less sophisticated methods.
First and foremost, we must practice good account security. This means strong and unique passwords for all of our accounts (social media and others). Invest in a password manager so you don’t have to remember hundreds of different passwords. In addition, you must enable two-factor authentication on all accounts. Two-factor authentication secures your account with an additional one-time code sent to your phone every time you log into the account. Even if a hacker guesses your unique password, they won’t have access to the code to get into your account.
We must also think twice before clicking on a social media offer that seems too good to be true. If an account is offering money or a special giveaway, think twice before taking action. In many cases, they may be trying to steal money or personal information. Also, be on the lookout for fraudulent accounts posing as celebrities or other prominent officials. On platforms like Twitter, you can do so by making sure the account is “verified” with a checkmark.
It is important to be vigilant about protecting our accounts and clicking on links while we are using social media. And while sometimes hacks are out of our control like the Twitter incident this month, we can derail many hacks with good cybersecurity practices.
A few of other interesting updates on cybersecurity are:
1. Attention Instacart customers: Your data may be for sale on the dark web.
You may be an Instacart customer if you order online and delivery for these stores, Fred Meyer, Albertsons, Boise Co-Op, Rite Aid, Costco, Petco, Staples and a few other companies in Treasure Valley. Cybersecurity experts found about 200,000 Instacart customer profiles selling for about $2 each. This information includes names, the last four digits of credit cards, and order histories. Instacart has stated that they are not aware of any data breach at the organization and blames password reuse by customers. Affected customers, however, have said they did not use their Instacart password for other sites. If you use Instacart, you should change your password now.
2. Virtual credit card numbers could be the answer to online fraud.
Currently, only two credit card companies offer a virtual credit card option, Capital One and Citi. A virtual credit card is a randomly created credit card number that is generated when you make an online purchase and is linked to your real account. These virtual numbers help prevent fraud since they are only used once. If a hacker breaches an online store’s network, they will have access to the one-use virtual number instead of your static credit card number.
3. Covid-19 highlights the shortcomings in schools’ cybersecurity around the country.
As classes moved online, many schools became victims of ransomware and malware attacks. Last month, nearly 5 million malware attacks were targeted at schools. With the new school year beginning, administrators must also address cybersecurity improvements going forward.
Information presented herein is for discussion and illustrative purposes only and is not a recommendation or an offer or solicitation to buy or sell any securities. Views expressed are as of the date indicated, based on the information available at that time, and may change based on market and other conditions.