Twitter security braces for further attacks
Micro-blogging site Twitter has upgraded security features in a bid to combat the growing number of hacking attacks.
Aiming to make it harder for outsiders to gain access to accounts, Twitter will introduce a new, optional two-step log-in process, similar to that used by some UK online banking sites.
The move comes a month after news agency Associated Press was hacked and a tweet sent stock markets plunging, and in the same week as a small number of The Telegraph’s Twitter feeds were also hacked.
Users will now have the option of using a code sent via text message to a mobile phone in order to confirm their log-in details, Jim O’Leary, a member of Twitter’s product security team, said in a blog post yesterday.
Twitter, which has more than 200 million users, follows Apple, Google and Facebook in introducing two-step authentication, as people put more information online. The hack of an Associated Press account last month resulted in tweets about explosions at the White House that temporarily wiped $136 billion from the S&P500 Index. That increased pressure on Twitter Chief Executive Officer Dick Costolo to install safeguards for users as he prepares for an eventual initial public offering.
“Social sites are a big target of these hackers,” said Barmak Meftah, chief executive officer of computer security company AlienVault. “All the efforts around fortifying and securing these sites is obviously huge.”
Twitter’s new authentication feature has been in development since at least last month, according to a person familiar with the matter. The San Francisco-based company said it plans to introduce more security measures to prevent hacking.
“When you sign in to twitter.com, there’s a second check to make sure it’s really you,” O’Leary wrote. “Much of the server-side engineering work required to ship this feature has cleared the way for us to deliver more account security enhancements in the future.”
In the AP hacking attack, the fabricated tweet was sent after unauthorized users gained access to the account, the news agency said. Common tactics that hackers use include phishing attacks, in which someone is duped into installing malicious code onto their computer or mobile device, and malware hidden on websites.
The AP restored its Twitter account after a security review. The false information from the AP account, which also said President Barack Obama had been injured, came after repeated attempts by hackers to gain access to AP reporters’ passwords, the news agency said.
In February, the Twitter account for Jeep was taken over. About the same time, the account for Burger King also was compromised. While those breaches were quickly remedied without any significant loss of sales, businesses can come under greater scrutiny after financial regulators approved the use of social media to release market-sensitive information.
“For a long period of time, banks were the main target, where hackers would embed a phishing link inside an e-mail,” Meftah said. “Social sites are the new attack surface for these guys. If you can phish against Twitter, phish against Facebook -- the number of consumers that are going to be affected by it is massive.”