How did Twitter get hacked?

How did Twitter get hacked?

On July 15th many Twitter accounts were compromised.  How did this happen to a company like Twitter?

‘This was the worst social media hack ever happened in history’twitter hacked

The security involvement of the hack are also wide-reaching, not just for Twitter but for other social platforms.

Early suggestions are the hackers managed to access administration privileges, which allowed them to bypass the passwords of any account they wanted.

Twitter appeared to confirm this in a tweet saying: “We detected what we believe to be a co-ordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

As we generate more content online we are creating a larger digital footprint.  These attackers simply contacted Twitter and asked for the names of key personal, the head of the customer service, their CIO, etc.  Once the attackers knew the identity of key individuals they then researched their web pages, Facebook links, LinkedIn profiles, etc.

The attackers were able to gain enough information from those pages to be able to correctly answer Twitter’s support questions and gain access to those accounts.

Once the attackers had access to an Admin account they could reset end-user accounts and then login as those users.  It was that easy.

Some questions that should be asked; What would have helped prevent this disaster?  Is your system(s) vulnerable to a similar attack?   How can your system(s) be protected?

2FA or Two Factor Authentication would have stopped this attack.  With 2FA the mobile device is registered to the account and the login is not possible until a code on the mobile device is entered.

At Protected Harbor we support 2FA for all systems, allowing our customers to be safe, secure, and protected, as in Protected Harbor.

How to Protect your data from Phishing Sites

How to Protect Your Data from Phishing Sites

How to Protect Your Data from Phishing Sites

What’s a Phishing Attack?

A phishing attack is a deceptive attempt by cybercriminals to trick individuals into divulging sensitive information, such as usernames, passwords, or financial details, by masquerading as a trustworthy entity. These attacks often occur via email, where the attacker sends a fraudulent message appearing to be from a legitimate organization, enticing recipients to click on malicious links or provide confidential information. Phishing attacks can also occur through other communication channels, such as text messages or social media platforms.

To protect against phishing attacks, organizations and individuals employ various measures, including secure email protocols, email security solutions, and secure browsing practices. Secure email protocols utilize encryption and authentication mechanisms to prevent unauthorized access to sensitive information during transmission. Email security solutions, such as spam filters and malware scanners, help detect and block phishing attempts before they reach recipients’ inboxes. Secure browsing practices involve verifying website URLs, avoiding clicking on suspicious links, and being cautious when sharing personal information online.

Common types of phishing attacks include spear phishing, where attackers target specific individuals or organizations, and pharming, where attackers redirect users to fraudulent websites. By implementing robust data protection measures and promoting awareness of phishing techniques, individuals and organizations can mitigate the risks posed by these malicious attacks and safeguard sensitive information from unauthorized access and exploitation.

 

Here’s How Phishing Works

In today’s digital landscape, understanding how phishing works is essential for safeguarding your data and maintaining secure communication channels. Phishing, a form of cyber attack, typically involves fraudulent emails or messages disguised as legitimate entities to deceive recipients into revealing sensitive information. These attacks aim to compromise data protection measures and exploit vulnerabilities in secure email systems.

There are various types of phishing tactics employed by cybercriminals, including deceptive emails, spear phishing targeting specific individuals or organizations, and pharming redirecting users to malicious websites. Ensuring robust email security protocols and practicing secure browsing habits are paramount in mitigating phishing risks.

To fortify defenses against phishing attempts, prioritize implementing secure email solutions and employ encryption methods to safeguard sensitive information. Additionally, educate users on recognizing phishing red flags, such as suspicious sender addresses or unsolicited requests for personal data.

By understanding the mechanisms of phishing attacks and bolstering email security measures, individuals and organizations can proactively defend against data breaches and uphold robust data protection standards. Stay vigilant, stay informed, and stay secure in the ever-evolving landscape of cyber threats.

How to Protect Your Data from Phishing Sites

 

Please follow these steps to help protect your data from phishing sites:-

Follow these steps to stay Protected as in Protected Harbor!
  1. Never enter password and ID on a web site opened from an email
    With the exception of when you forget a password and you requested the link, never ever enter your password and ID on a web site opened from an email. If a web site needs to be opened, then open the website in your browser, not by clicking on the link.
  2. Never log in to a secure server or site from a public computer
    Never log in to a secure server or secure site (HTTPS) from a public computer. Cookies can be left that will contain enough information for your account to be compromised, use your cell phone instead.
  3. Do not use public WiFi
    Do not use public WiFi. Criminals are always scanning public WiFi systems looking for users to connect so that they can capture the ID and password.

What to do if you fall victim?

If you fall victim to a phishing attack and disclose sensitive personal information, take immediate action. Notify your bank or financial institution to secure your accounts and monitor for fraudulent activity. Change your passwords for affected accounts and enable two-factor authentication where possible. Report the phishing attempt to the appropriate authorities, such as the Anti-Phishing Working Group or the Federal Trade Commission. Additionally, educate yourself and others on how to recognize and avoid phishing scams in the future. Remember to report any suspicious contacts to help prevent others from falling victim to similar attacks.

 

Tips to Fight Identity Theft

Protecting yourself from identity theft involves taking proactive steps and being aware of common risks and preventive measures. Here are effective ways to prevent identity theft:

1. Safeguard Personal Information: Refrain from disclosing sensitive details such as Social Security numbers, account numbers, or passwords online or over the phone unless you initiated the contact. This precaution is crucial in thwarting unauthorized access.

2. Exercise Caution with Emails: Avoid clicking on links in suspicious emails, as they may contain viruses that compromise your computer’s security. Instead, type the website URL directly into your browser or use a trusted bookmarked page.

3. Remain Skeptical of Threats: Do not succumb to urgent emails or calls threatening severe consequences if you do not provide financial information immediately. Verify the authenticity of such communications independently by visiting the company’s official website.

4. Act Promptly if Targeted: If you suspect or experience identity theft, take immediate action. Alert your financial institution, place fraud alerts on your credit files, and closely monitor your credit reports and account statements for unauthorized activity.

5. Report Suspicious Activity: Report any suspicious emails or calls related to identity theft to the Federal Trade Commission (FTC) or call 1-877-IDTHEFT. Timely reporting helps mitigate potential damage and prevent further incidents.

By adhering to these preventive measures and promptly addressing any signs of identity theft, you can significantly reduce the risk of falling victim to fraudulent activities. Being proactive and cautious with your personal information is essential in safeguarding your financial security in today’s digital landscape.