By Tony O’Reilly
Northern Ireland Secretary Chris Heaton-Harris has asked Twitter to improve its password security after “some deeply unpleasant stuff” was posted to his account.
The hacking of public figures’ Twitter accounts does not mean the social media giant has major internal security problems, cybersecurity experts have said, but they have urged users to improve their account security.
Meanwhile, cybersecurity experts have urged users to improve their account security, playing down suggestions that the hacking of social media accounts shows Twitter has internal security problems.
The Twitter account of Northern Ireland Secretary Chris Heaton-Harris has become the latest to be compromised as a string of offensive messages was posted before being deleted. It comes only days after the Twitter profile of Education Secretary Gillian Keegan also fell victim to hackers.
In the wake of Elon Musk’s takeover of the social media platform and the departure of around half the company’s staff amid a ‘chaotic’ staff restructuring, there have been concerns raised over the strength and responsiveness of Twitter’s security systems.
There have also been reports of millions of user email addresses being scraped from the platform as part of a data leak and offered to hackers on online forums.
But cybersecurity experts have suggested that the biggest direct security threat to users is not in fact any internal issues at the company, but not taking their own personal account security seriously.
Research has shown that many internet users reuse passwords or use simple and easy-to-guess phrases for their login details.
Javvad Malik, lead security awareness advocate at KnowBe4, acknowledged that former Twitter head of security-turned-whistleblower Peiter Zatko had painted a “very unflattering picture” of Twitter’s security controls in a disclosure last year – which had claimed the site had a number of vulnerabilities – but argued individual user security was the key issue.
“That isn’t to say that Twitter is much worse than many other social media or cloud providers. It’s just among the most visible. And that visibility is what paints a huge target on its back,” he said.
“When we hear of Twitter accounts being compromised, it’s not necessarily due to some technical issues within the platform.
“Rather, the most popular way is to phish users, ie trick them by sending emails to victims which appear to originate from Twitter, asking them to provide details, including passwords – which causes their accounts to be taken over.”
In response, he encouraged Twitter users to think more carefully about how they secure and use their accounts.
“All accounts, but particularly prominent ones, need to be mindful of what they post on Twitter, especially in private DMs,” he said.
“They should use a unique and strong password, and enable multi-factor authentication.
“Additionally, any access to third-party apps should be regularly reviewed and revoked when no longer required.
“Finally, they should be mindful of any communication which appears to be originating from Twitter and not click on links in emails, but rather directly go to Twitter and take any required action.”