Home » The Biggest Twitter Security Breach, and How to Protect Your System

The Biggest Twitter Security Breach, and How to Protect Your System

Alexander Abgaryan

Founder & CEO, 6 times AWS certified <p><a rel="nofollow noopener" target="_blank" href="https://www.linkedin.com/in/nitalaut/">LinkedIn</a></p> <br /> <br /> Alexander Abgaryan is a cloud expert with 6 AWS certifications and 20+ years in the industry. His professional journey has equipped him with a diverse skill set and a deep understanding of AWS and DevOps. <br /> <br /> With years of hands-on experience in designing and implementing scalable AWS solutions, Alexander possesses a unique blend of technical skills and strategic vision that has proven invaluable in guiding clients through their digital transformation journeys. <br /> <br /> In his articles, Alexander focuses on cloud technologies in general and AWS in particular, providing insights that empower businesses to use these technologies effectively. Whether it’s optimizing cloud infrastructure, enhancing security, or maximizing cost efficiency, he aims to equip readers with the information and strategies necessary to be successful in today’s competitive landscape.

LinkedIn

the biggest twitter security breach

On July 15th, 2020 Twitter suffered the most devastating security breach in the company’s history. More than a dozen of verified accounts that have millions of followers kept posting scam tweets for about 2 hours.

The scam

Scammers weren’t too creative as usual, and just sent almost identical messages that assured that everyone who sends any amount of money to a certain bitcoin wallet would immediately receive twice as much. Despite the totally bizarre content of the messages, the names of the verified accounts played their role, and within 3 hours scammers were able to receive about $118 000.

The list of more than a dozen compromised accounts includes Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, Apple, Uber, and CashApp.

Twitter’s reaction

Twitter’s reaction was quite slow. At first, the scam tweets were deleted, but only to appear again. It took the company 2 hours to finally take the step that worked – to lock down more than 300 000 verified accounts of its users until the threat was secured later that day.
Twitter has experienced several security breaches before, for example in 2017 Donald Trump’s account was deleted. And though it was done by Twitter’s employee, and the account was quickly restored, still the incident shouldn’t have happened in such a reliable social network.
What we know so far is that probably the attack was carried out by hackers getting access to the high-level internal Twitter system, it’s possible that a Twitter employee was involved in the attack. The attack was not the result of weak user passwords or any reckless actions of the users.

What can we learn

Since the pandemic threatened the society and our wellbeing, more hacker attacks and scams started to appear. Now is the time to secure your system and understand that the security chain is only as strong as its weakest link.

Things to pay attention to, and check your system

1. React quickly.
Twitter’s reaction was slow, it took the company more than 2 hours to respond radically. Set up full monitoring, stay on guard, know what is happening in your system, and be ready to react quickly. The less time you give the hackers, the less harm they would be able to inflict.

2. If something happened once, and you eliminated only the consequences, then it will happen again.
Look at the threats you had in the past, and ask yourself, have you eliminated all the causes, are they secured now? Twitter has had incidents of hacker attacks before, bitcoin scam and impersonating accounts have been operating on Twitter for years unresolved, and it only lead to a more harmful breach.

3. Are all the passwords strong?
Even if your users’ passwords are strong and their actions are impeccable, but only one employee uses their name for the login and password, your system is exactly as strong as that one weak password.

4. Do you trust your employees?
Twitter claims there might be an inside issue that caused the breach. How do you check your employees? Is there a system that you use to ensure the people that access sensitive data can be trusted?

5. Apply the principle of least privilege. 
Every employee should have access only to what they directly need for doing their job, no more. Always assume that anyone can intentionally or accidentally cause harm – this will protect your system from unnecessary security threats. Remember, it is possible that a Twitter employee is responsible for this biggest security breach in the company’s history.

Make the security of your system your first priority!

If you have doubts regarding the security of your system, or just want to check if everything is safe, ask us. We’ll audit your system and give our recommendations.

Contact us

You Might Also Like

5 Steps to Protect Your System from Hackers

5 Steps to Protect Your System from Hackers

By gaining access to the system, cybercriminals can disrupt its operation, steal important information, and destroy data. Any such system…

Is Your System Backed Up Correctly?

Is Your System Backed Up Correctly?

If you suddenly lost part of your database or website, what would be the damage? If such a loss would…

Why DDoS Protection Is Important

Why DDoS Protection Is Important

One of the most unwanted messages that the owner of a commercial website can receive is that the system is…

Scroll to Top