Twitter Issues ‘Ridiculous’ Security Advice To Media

Twitter has sent messages to news organisations warning them about future attacks and providing them with a list of security tips, in the wake of a slew of account hijacks.

But analysts are not wholly impressed with the micro-blogging firm’s attitude to security.

The Syrian Electronic Army has been causing carnage on Twitter of late, hacking accounts belonging to prominent media bodies, including AP, the BBC and the Guardian.

Attackers have duped media bodies into handing over Twitter credentials with spear phishing attempts, which see specially-crafted emails sent to journalists, either asking them for information or tricking them into clicking on malicious links.

Silly Twitter advice?

That’s why Twitter sent out advice to various organisations last night. But one particular recommendation has invited scorn – to designate one computer for Twitter use, and to not use that machine for reading email or using the Internet.

“It is ridiculous. Not only is it unreasonable for consumers to take that kind of advice because it is simply expensive, but it is not suitable for businesses either,” Simon Edwards, technical director of Dennis Technology Labs and founding member of the Anti Malware Testing Standards Organisation, told TechWeekEurope.

He was also concerned about the lack of two-factor authentication – something Twitter has been called out on numerous times. Google and Facebook both offer it, so Twitter should too, the argument goes.

Twitter asks for mobile numbers during the sign-up process, so it should not take a huge effort to implement two-factor authentication where a unique code is sent to the mobile device, Edwards added.

The email sent to media last night, from the Twitter News Team, offered various pieces of password advice, saying passwords should contain elements of randomness and be changed regularly. But there have been no promises or even hints that two-factor authentication will arrive.

Companies should create a formal incident response plan for a Twitter account hijack too, the team said, offering assistance for phishing attacks.

“We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers,” the email read.

“These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organisation and following the security guidelines below is vital to preventing abuse of your Twitter accounts.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
