Hacking at news giant rattles US
A hijacked Associated Press Twitter account that rattled markets with false word of an attack on the White House has put the security of social media in the crosshairs.
The stock market rebounded from the nosedive triggered on Tuesday by the bogus tweet and AP posted a message on Twitter that its account, which was suspended after being hacked, has been secured and is back up.
The AP Twitter page indicated more than 1.8 million followers yesterday evening in San Francisco, where the messaging service has its headquarters.
What remained were questions as to whether security was tight enough on Twitter and other popular social networks in an age when people increasingly turn to posts from friends or strangers for news and information.
Twitter was firm that the hijacking of the AP account did not prompt any immediate moves to toughen security.
AP’s account appeared to have been breached after hackers tricked someone into revealing a password with a deceptive e-mail message in what is referred to as a phishing attack.
Some online reports contended that Twitter was considering “two-factor authentication” that would require users to either know something or do something aside from just type in passwords to access accounts.
“The most critical thing we see is people just have horrendous passwords and use them all over the web,” said Mark Risher, chief and founder of Impermium, an internet security firm.
While incorporating a second step such as sending a confirmation code in a message to an e-mail account or cellphone associated with a user’s account was a big improvement, even that defence was flawed, he said.
Phishing attacks are becoming increasingly sophisticated and convincing, sometimes with information harvested from social networks used to make pitches more personal and believable to specific targets, according to Risher.
A person conned into giving hackers a password could just as easily be asked for a second bit of information needed to get into an account, he reasoned.
“You really can’t just expect users to never get duped, because they always will,” Risher said. “Service providers should never be satisfied with a password.”
Adding multiple layers of security to get into accounts treads on the ease of using online services, forcing social networks to risk aggravating members. – Sapa-AFP