Twitter beefs up security for internal tools from potential misuse


New Delhi, Sep 26 (IANS): To further secure its internal tools from potential misuse after the massive crypto hack in July, Twitter has rolled out phishing-resistant security keys, requiring its team to use them when authenticating to systems around the world.

The move, the company said, is to help reduce the risk of an unauthorised third-party gaining access to Twitter internal systems using compromised employee credentials.

The July 15 hack resulted in Twitter profiles for celebrities, executives and public figures sending out tweets advertising a bitcoin scam.

Twitter then admitted that the hackers "targeted a small number of employees through a phone spear phishing attack," that "relies on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems."

The micro-blogging platform said this week that it has beefed up its access management processes and authentication systems.

"To further secure our internal tools from potential misuse, we have been strengthening the rigorous checks that team members with access must undergo. This also helps reduce the potential for an unauthorised person to get access to our systems," Twitter CTO Parag Agrawal said.

He said that internal detection and monitoring tools "are constantly being improved, even since the July incident, to include things like expanding our detection and response efforts to include suspicious authentication and access activity".

In addition to requiring security, privacy and data protection training for all newly hired Twitter employees, the company has introduced new courses and increased the frequency and availability of existing courses for all employees.

"For example, we introduced two new mandatory training sessions for people who have access to non-public information. These trainings make clear the dos and don'ts when accessing this information and ensure employees understand how to protect themselves when they are online so they can better avoid becoming phishing targets for attackers," Agrawal explained.

By targeting specific Twitter employees in July, the hackers gained access to internal Twitter tools, targeted 130 Twitter accounts, tweeted from 45 of them, accessed the DMs of 36 accounts, and downloaded the Twitter data of seven.

In addition to existing security training courses, Twitter said it has also enhanced training content on secure coding, threat modeling, privacy impact assessments, and privacy by design.

"We are continuing to invest more in the teams, technology, and resources to support this critical work," it added.

  
