Lack of two-factor authentication was likely at fault

Feb 11, 2015 13:39 GMT  ·  By

Anthony Noto, chief financial officer (CFO) at Twitter, had his account for the microblogging platform hijacked by unknown individuals, who used it to post a massive amount of spam.

At the time of the incident, the CFO had about 13,100 followers, who were blasted with roughly 300 messages containing links to potentially dangerous locations.

Spam links pointed to domain in Romania

One might think that working for Twitter would grant some special protection against attempts to take over one's account, but this incident shows that enabling the security measures that protect against unauthorized access is up to each individual user.

On Tuesday, the intruders delivered conspicuous spam messages from Noto's Twitter account for about 20 minutes, until the rightful owner regained control of the account.

The URLs pointed readers to a Romanian domain, which appears to have been compromised by the hackers and redirected to a different page where malware was probably hosted.

Several prominent Twitter accounts have been hijacked

The root cause has not been revealed by Twitter or its CFO, but the most common method of compromising an online account is phishing, or its targeted variant, spear-phishing.

Two-factor authentication (2FA) must also have been turned off on the account, since 2FA prevents a login based on the username and password pair alone.

Setting up 2FA is simple and is done from the "Security and privacy" section of the Twitter account settings. Once a phone number is added, the service requires an additional code, sent to that device, every time someone logs in.

This way, even if the standard credentials are compromised, an attacker would still need the extra piece of information to get in. The protection holds only as long as the attacker cannot also obtain that code, for instance by phishing it from the victim in real time, so the phone number itself becomes something worth guarding.
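The login flow described above, as an added example that is not part of the original article and not Twitter's actual implementation: a toy account service in Python in which a correct password alone yields a session only when no phone number is enrolled; otherwise the service issues a short-lived, single-use code that must be presented in a second step. The class and function names, the five-minute expiry, and the sample usernames and phone number are all assumptions made for the illustration, and the code is returned to the caller instead of being handed to an SMS gateway so the example runs offline.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

CODE_TTL_SECONDS = 300  # assumption: a code is valid for five minutes


def hash_password(password: str, salt: Optional[bytes] = None):
    """PBKDF2-SHA256 password hash; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class LoginService:
    """Toy account store: password check, then an optional one-time code."""

    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so expiry can be exercised offline
        self.users = {}         # username -> {"salt", "digest", "phone"}
        self.pending = {}       # username -> {"code", "expires", "used"}
        self.sessions = set()   # issued session tokens

    def register(self, username, password, phone=None):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest, "phone": phone}

    def _password_ok(self, username, password):
        user = self.users.get(username)
        if user is None:
            # Run the KDF anyway so an unknown username is not detectable by timing.
            hash_password(password, b"\x00" * 16)
            return False
        _, digest = hash_password(password, user["salt"])
        return hmac.compare_digest(digest, user["digest"])

    def start_login(self, username, password):
        """Step 1: check the password. Without an enrolled phone this already
        yields a session (the state the article assumes for the hijacked
        account); with one, a one-time code is issued instead."""
        if not self._password_ok(username, password):
            return {"status": "denied"}
        user = self.users[username]
        if user["phone"] is None:
            return {"status": "ok", "session": self._issue_session()}
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = {
            "code": code,
            "expires": self.clock() + CODE_TTL_SECONDS,
            "used": False,
        }
        # A real deployment sends `code` by SMS; the toy returns it to the caller.
        return {"status": "code_required", "sms": (user["phone"], code)}

    def finish_login(self, username, code):
        """Step 2: verify the code. It is time limited and single use."""
        entry = self.pending.get(username)
        if entry is None or entry["used"] or self.clock() > entry["expires"]:
            return {"status": "denied"}
        if not hmac.compare_digest(entry["code"], code):
            return {"status": "denied"}
        entry["used"] = True
        return {"status": "ok", "session": self._issue_session()}

    def _issue_session(self):
        token = secrets.token_urlsafe(32)
        self.sessions.add(token)
        return token


def demo():
    """Exercise both account types; returns the outcome of each attempt."""
    now = [1_000_000.0]  # constructed fake clock
    svc = LoginService(clock=lambda: now[0])
    svc.register("cfo_no2fa", "hunter2")                    # constructed sample user
    svc.register("cfo_2fa", "hunter2", phone="+1-555-0100")  # constructed sample user

    results = {}
    results["no2fa_password_only"] = svc.start_login("cfo_no2fa", "hunter2")["status"]
    first = svc.start_login("cfo_2fa", "hunter2")
    results["2fa_password_only"] = first["status"]
    _, code = first["sms"]
    wrong = "000001" if code == "000000" else "000000"
    results["wrong_code"] = svc.finish_login("cfo_2fa", wrong)["status"]
    results["right_code"] = svc.finish_login("cfo_2fa", code)["status"]
    results["replayed_code"] = svc.finish_login("cfo_2fa", code)["status"]
    second = svc.start_login("cfo_2fa", "hunter2")
    now[0] += CODE_TTL_SECONDS + 1
    results["expired_code"] = svc.finish_login("cfo_2fa", second["sms"][1])["status"]
    results["bad_password"] = svc.start_login("cfo_2fa", "wrong")["status"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point the example makes is the one in the text: with no phone enrolled, the stolen password is the whole story, whereas with a code step the same password only gets the attacker as far as a challenge they cannot answer unless they also capture the code within its window and before it is used.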

After regaining access to his Twitter account, Noto tweeted a simple "Back on the field!" note. He also seems to have become more popular as a result of the incident, as his follower count increased by about 300.

Hijacking Twitter accounts appears to be a frequent activity these days: yesterday, the news outlet Newsweek announced that the pro-ISIS Cyber Caliphate group had gained unauthorized access to its Twitter profile.

The hackers had 14 minutes of fame, which they used to threaten the Obama family and to disseminate pro-ISIS messages. The incident was confirmed by the media outlet, which apologized for any offensive messages.