Today, media reported about the hack which lead to a massive data leak affecting politicians in Germany. What is currently understood is that the hackers got full access to their Facebook and Twitter accounts including their other personal data. A large amount of private data and sensitive information was stolen and then leaked publicly. The story will most likely unwind during the upcoming days and weeks. Twitter is also on fire under the hashtag #hackerangriff.
Social media and Twitter, in particular, is increasingly being used by politicians, CEOs and thought leaders to communicate more directly with everyone. Back in the day, it was difficult to have a dialogue with a politician or get their input on any given topic. Today, many politicians actively take part in discussions and debates by weighing in with their thoughts, often during or shortly after important events. President Donald Trump is perhaps the best-known example of a politician today who favors Twitter as a way to communicate his thoughts and plans. Some could say It's not far fetched to say that his tweets reach more people than most of the official communication from the White House.
With social media, the line between official statements and personal thoughts might become blurry when using these forms of communication. Open communication and direct contact with elected leaders can be a very positive change for the society. At the same time, it creates a new kind of risk – what happens when those communication channels are hijacked? Certainly, there are tons of examples in history, well before computers or the Internet, of false messages being delivered in the name of others to confuse or fraud. The aspect that changes the game is how Twitter and similar channels can often be seen as personal, rather than formal channels of communication. This can mean that the level of control and security applied to the social media channels do not match with the other official channels used in the organization. For example, the types of passwords or authentication schemes used in Twitter might not be anywhere near as strong as those enforced in a corporate environment. A message sent on Twitter by a public figure is likely to be perceived as real and even a brief moment can be enough to cause real damage if the account is being hijacked.
Although the situation is still developing and the full picture of the hack isn't known at the time, it’s fair to assume that the attackers had full access to the accounts. In this instance, they focused on stealing data and distributing it, but equally, they could have used the access to post new messages. Most likely, it would take some time before anyone realizes that the posts are fake. With the right timing and good planning, this could be used to impact politics or for example target the economy and stock market.
For those who use Twitter and other social media as part of their work or otherwise publish relevant information, this is a good time to make sure that you have the right mindset with your social media accounts. If your message could be understood to represent your organization's official view and your word carries significant weight among your followers, it’s time to consider those accounts with the same kind of mindset as any company account or system.
You can read more about the case on the news. Given that this is a current event, the situation will likely keep changing as new information comes out.
To protect your Twitter account, consider the following steps:
- Favor two-factor authentication (2FA) over simple password-only login to make it harder to break into the account: https://help.twitter.com/en/managing-your-account/two-factor-authentication
- Use your account only from secure devices (e.g. your mobile phone)
- Apply the same security precautions as you would with any other company services.
- Follow your company's security best practices and co-operate with your security team so that they can support you
- If you find out that your account has been compromised, follow the guidance from Twitter: https://help.twitter.com/en/safety-and-security/twitter-account-compromised
When reading tweets that seem surprising or unusual, keep in mind that not everything is what it seems. In the case of suspicious information posted on Twitter, try to validate the information from other sources. It’s possible that the account has been compromised and the messages are not from the real owner. Keep this in mind especially if you are about to carry out significant actions (e.g. investing) based on the information!