Social media platforms such as Twitter need to tighten security around admin staff with access to internal systems, cyber security experts have said.
The warning comes in the wake of a Twitter breach where hackers targeted employees with access to the firm’s internal systems and posted a Bitcoin scam to the accounts of high-profile figures in the US.
Former president Barack Obama, rapper Kanye West and current presidential candidate Joe Biden were among those hit by the breach, with identical messages promoting the cryptocurrency scam posted to their profiles.
Twitter has now confirmed the incident was a “co-ordinated social engineering attack” by hackers who had targeted Twitter employees with “access to internal systems and tools”.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
Cyber security expert Todd Peterson, from software firm One Identity, said better management of staff with access to such sensitive internal tools was vital to prevent future repeats of the attack.
“Providing great customer support for high-profile customers means IT administrators need privileged access to their accounts – to help reset passwords and to help clear up after an account takeover,” he said.
“However, with this great power comes great responsibility – and it takes only one bad admin to create global chaos by abusing their privileged access.
“Touching such high-profile Twitter accounts should be tied to an approval process, where a single person cannot act alone, without a detailed explanation and an approval by a superior.
“A modern record-and-review monitoring system would have also stopped the lone actor in their tracks by flagging the highly unusual activity and helping to retrace and undo their steps.”
In its statement on the incident, Twitter said: “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
Twitter said that in the wake of the incident, it had taken “significant steps to limit access to internal systems and tools while our investigation is ongoing”.
The social media giant is yet to confirm any further details of the attack, but chief executive Jack Dorsey said: “Tough day for us at Twitter. We all feel terrible this happened.”