Improve Twitter passwords, experts warn, after minister’s account hacked
The hacking of public figures’ Twitter accounts does not mean the social media giant has major internal security problems, cyber security experts have said, but they have urged users to improve their account security.
The Twitter account of Northern Ireland Secretary Chris Heaton-Harris has become the latest to be compromised as a series of offensive messages were posted before being deleted. It comes just days after Education Secretary Gillian Keegan’s Twitter profile was also hacked.
In a series of high-profile hacking incidents, Piers Morgan’s account has also been compromised in recent weeks.
In the wake of Elon Musk’s takeover of the social media platform and the departure of around half of the company’s staff amid a “chaotic” staff restructuring, there have been concerns over the strength and responsiveness of Twitter’s security systems.
There have also been reports that millions of user email addresses have been scraped from the platform as part of a data leak and offered to hackers on online forums.
Online security experts have suggested that the biggest direct security threat to users is actually not internal company issues, but people not taking their own personal account security seriously.
Research has repeatedly shown that many internet users reuse passwords across multiple apps and websites or use simple and easy-to-guess phrases for login details.
Javvad Malik, lead security awareness advocate at KnowBe4, acknowledged that former Twitter head of security whistleblower Peiter Zatko had painted a “very unflattering picture” of Twitter’s security controls in an exposé last year – which had claimed the site had a number of vulnerabilities – but claimed that individual user security was the key issue.
“That doesn’t mean that Twitter is much worse than many other social media or cloud providers. It is only among the most visible. And that visibility is what paints a big target on their backs,” Malik said.
“When we hear about Twitter accounts being compromised, it’s not necessarily due to any technical issues on the platform. Rather, the most popular way is to phish users, i.e. trick them by sending victims emails that appear to be fake from Twitter, asking them to provide details, including passwords – leading to their accounts being taken over.”
In response, Malik urged Twitter users to think more carefully about how they secure and use their accounts: “All accounts, but especially prominent ones, need to be mindful of what they post on Twitter, especially in private DMs. They should use a unique and strong password, and enable multi-factor authentication. In addition, all access to third-party apps should be regularly reviewed and withdrawn when no longer needed.
“Finally, they should be aware of any communications that appear to come from Twitter and not click on links in emails, but rather go directly to Twitter and take appropriate action.”
Jamie Akhtar, CEO of CyberSmart, said it was “important to say” that Twitter was “overall a very secure platform” despite the recent account hacking and apparent data leak.
“While the leak raises questions about how quickly Twitter is able to identify vulnerabilities, we believe users can be reasonably confident about its cybersecurity,” he said.
Twitter is a business with many resources and has historically had sophisticated cyber security.
“That the leak coincides with the ownership chaos of recent months at Twitter seems more like a case of coincidence or bad luck than a lapse in security features.”
In response to the hack of his account, Northern Ireland Secretary Heaton-Harris said: “I’m afraid my Twitter account was hacked overnight and someone posted some deeply unpleasant things on my account for which I can only apologise.”
Sign up for the E&T News email to get great stories like this delivered to your inbox every day.
