Exploit: Account Compromise
Twitter: Social Media Platform
Risk to Small Business: 1.216 = Extreme
The hack heard ‘round the world this week is a huge embarrassment for social media powerhouse Twitter, after dozens of high-profile accounts were accessed illegally and used to transmit messages inviting their followers to “invest” in a bitcoin scam. Some of the affected accounts included Bill Gates, Barack Obama, Elon Musk, and Jeff Bezos. The hack was quickly discovered, and those accounts were frozen briefly while Twitter assessed and fixed the security flaw. Twitter is now reporting that the hackers targeted 130 accounts, were able to take control of 45, and 8 accounts had data downloaded. While early reports speculated on the threat actors as a sophisticated hacking group, The New York Times uncovered that the attack was actually carried out by a few unorganized hackers using a Discord server who obtained access through a “social engineering attack”. The attack is under investigation by numerous authorities including the FBI.
Individual Risk: 2.890 = Moderate
The hackers were able to obtain some personal information and change passwords for some of the celebrity accounts, but did not gain access to any financial information, past password records, or other sensitive data in all but 8 cases. Those 8 cases are still being investigated, but it’s unlikely that any sensitive data was compromised.
Customers Impacted: 130
How it Could Affect Your Customers’ Business: A “social engineering attack” is often just a fancy way of saying “phishing attack”. Failing to protect sensitive communications and data channels for your clients because of failing to undertake basic training in phishing resistance will not only cause an expensive recovery when an attack lands, it can also be embarrassing. Plus, the potential regulatory scrutiny is bound to be a headache and give ammunition to those who are looking to add more regulation to social media platforms through future legislation.