Several protective practices are shared as follows:
QUOTE: Several Twitter accounts belonging to the United Kingdom’s Guardian were hit by the Syrian Electronic Army over the weekend, and last week, Associated Press, CBS News, and BBC were also hacked. SEA threatened to keep up its attacks because Twitter keeps suspending its account. Several of the recommendations fall under basic Security 101 and are tips anyone should follow, for both their personal accounts as well as shared ones.
Twitter encouraged users to change passwords, select strong passwords, and be on the lookout for suspicious communications that may be a part of a spear phishing campaign. All organizations, not just media, should be aware of potential phishing attacks. “These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts,” the memo said.
Since Twitter uses email for password resets and official communications, users need to keep their email accounts secure, first by selecting strong (and different!) passwords. If two-factor authentication is available on the email account, it should be enabled, Twitter suggested. Users should never send passwords via email, even internally, Twitter warned. That way, attackers can’t find the password of the account through someone else’s archived messages.