How was the 2020 Twitter Hack carried out? How could it have been prevented?

Question

Sr. Director of Growth at PeerSpot (formerly IT Central Station)

5
114

How was the 2020 Twitter Hack carried out? How could it have been prevented?

On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts we protected using two-factor authentication, which the hackers were somehow able to bypass.

Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, and Kanye West, Benjamin Netanyahu, and several high profile tech companies, including Apple and Uber.

The hackers posted variation of a message asking follower to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned.

How could Twitter have been better prepared for this? How do you rate their response?

6 Answers

Answered Aug 10, 2020

Search for a product comparison in Application Security Tools

Buyer's Guide

Application Security Tools

October 2022

Download Free Report

Find out what your peers are saying about Sonar, Veracode, Mend and others in Application Security Tools. Updated: October 2022.

DOWNLOAD NOW

635,987 professionals have used our research since 2012.

Related Questions

Shibu Babuchandran

Regional Manager/ Service Delivery Manager at ASPL INFO Services

Jul 28, 2022

What is CAPTCHA and how does it work? How can you use it for Artificial Intelligence (AI)?

What is CAPTCHA and how does It work? What are the potential use cases of CAPTCHA for AI?

See 1 answer

CL

Christy Limestall

Managing Partner at ODNA, LLC

28 July 22

CAPTCHA, Completely Automated Public Turing test to tell Computers and Humans Apart, is widely used as a security mechanism to classify human and computer. This security mechanism is based on the Turing Test, which has been conceived to ensure network security.

Read full answer

KK

KamalKapur

Quality Executive at Dharampal Premchand Limited(DPPCL)

Oct 06, 2022

Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?

Hello, I work as a Quality Executive at a Consumer Goods company. At the moment, we're researching an email security solution. We have 1000+ users. Among others, we've been looking at these products: Cisco Secure Email, Forcepoint Email Security and Barracuda Email Security Gateway. Which of those solutions would you recommend? Please explain its advantages. Would you recommend any diffe...

2 out of 6 answers

SimonClark

Cyber Security Advisor - Director at Fort Net UK

20 June 22

Top brands don't mean best or most cost-effective. My advice is to look a bit further before you make a decision. Evidence suggests that most top brands are pretty good at detecting and blocking malicious attachments, best case letting through 1%, but can be worse than 50% when it comes to detecting malicious links in the text of the email. There are numerous less well-known vendors with lower-cost AI-based solutions that have a far better success rate, also providing employees the ability to report on suspect emails which auto-removes them from other staff members' inboxes until they have been properly assessed. Some will provide a visual risk score to the recipient to give them advance warning to be more cautious. Combining this kind of capability with staff awareness products keeps your vendor list lower and further improves efficiency. For around £2 GBP per user per month (less than $3) we provide different vendors depending upon the customer's environment but provided as a managed service. This allows our customers to outsource some of the monitoring and day-to-day management, spread the cost on a monthly basis, and flex how many licences they need on a monthly basis too i.e. if you drop 20 users don't pay for them but if you increase by 20 you don't need complex co-termination and pro rata discussions.

Read full answer

Daniel Martínez

Security Technician at Mercadona

21 June 22

I only can recommend Cisco because it´s the only one with which I'd worked enough. I think it is powerful enough and has a lot of possibilities. In addition, to a great support team.

Read full answer

See all 6 answers

Related Articles

Ariel Lindenfeld

Director of Content at PeerSpot (formerly IT Central Station)

Aug 21, 2022

PeerSpot User's Choice Award 2022

We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...

Deena Nouril

Tech Blogger

Aug 05, 2022

What is OWASP Top 10 in 2022

What is OWASP? The OWASP or Open Web Application Security Project is a nonprofit foundation dedicated to improving software security. It operates under an open community model, meaning that anyone can participate in and contribute to OWASP-related online chats and projects. The OWASP ensures that its offerings (online tools, videos, forums, events, etc.) remain free and are easily accessible t...

See 2 comments

Ben Arbeit

Manager at a retailer with 51-200 employees

31 July 22

Thanks for this informative article.

Read full comment

Jairo Willian Pereira

Information Security Manager at a financial services firm with 5,001-10,000 employees

05 August 22

OWASP is nice, but very specific and currently limited. How about trying ISO-24772 for all?

Read full comment

Evgeny Belenky

Director of Community at PeerSpot (formerly IT Central Station)

Mar 04, 2022

Community Spotlight #9

Hi community members, Here is our new Community Spotlight for YOU. We publish it to help you catch up on recent contributions by community members. Do you find it useful? Please comment below! Trending Top HCI in 2022 What are the main differences between XDR and SIEM? Articles Top 5 Ethernet Switches in 2022 SASE: what is it and what are the main benefits? Questions Che...

Ram Chenna

Enterprise Architect at Blueray Digital Services

Dec 15, 2021

Privacy issues and regulatory laws to be complied with when implementing an RPA program

Privacy Concerns in an RPA Implementation Program. The biggest concern we (as RPA solution implementors) have faced when interacting with clients and customers were: 1. Regulatory and Compliance issues. 2. InfoSec and Security issues. 3. Audit Issues. Regulatory and Compliance Issues: There is a huge penalty if the wrong data gets updated and emails are sent to customers by the regulatory...

Tjeerd Saijoen

CEO at Rufusforyou

Sep 03, 2021

Security and Performance Monitoring

ICT is getting more and more complex: today I have several systems in Chicago, several more in Amsterdam and if you need to protect your environment you will need to check on-premises, the cloud at Amazon, and the cloud at Microsoft Azure. Why is Performance related to security? For the following reasons: Today we need more than one tool to protect our environment. You need anti-spoofing...

See 2 comments

Shibu Babuchandran

Regional Manager/ Service Delivery Manager at ASPL INFO Services

01 September 21

Very good insights about correlation for security with performance.

Read full comment

Johann Delaunay

Key Account Manager at ITRS Group

03 September 21

Interesting positioning and way of thinking, thank you very much for the article!

Read full comment

Related Categories

Application Security Tools

EPP (Endpoint Protection for Business)

Privileged Access Management (PAM)

EDR (Endpoint Detection and Response)

Ken Shaurette · Answer 1 · 2020-07-17T11:07:07Z

For some good information from a leading expert check out the webinar today 7/17 on Brighttalk by Alex Holden..... We have a lot of
questions about the Twitter breach but not so many answers. I can tell
you that similar cryptocurrency fraud campaigns are on-going on
different social media platforms and on a different scale. Tomorrow
(Friday) at 11 am CT on BrightTalk https://lnkd.in/eRuXaca We will discuss what we know about the breach and disturbing patterns that are emerging everywhere.

Ken Shaurette · Answer 2 · 2020-07-23T15:10:18Z

I like the potential for catching an unusual activity like that with our recently implemented endpoint detection tool, Cynet360. It seems so far to have about the highest level of transparency into the endpoint with a 24x7x365 backing of monitoring.

Prasanna VA · Answer 3 · 2020-08-10T15:14:01Z

It's understood that internal tool probably shared by Internal Employee as RCA. The tool was used to reset associated Mail Address of account thereby Password Reset of Choice. In MFA of Identity related features, it's more secured on keeping it with associated Mobile Secure Pin or SoftCrypto Code in Future to avoid compromise at this moment is the lesson learned.

Joke · Answer 4 · 2020-08-07T22:33:50Z

JF

Joke

Security Analyst at a financial services firm with 201-500 employees

Real User

07 August 20

The use of two factor authentication by Twitter

Paresh Makwana · Answer 5 · 2020-07-20T10:07:07Z

This is one of the Identity theft issue, which means some one hack your password or account and do activity which he she is not suppose to do. basic reason of hack of your identity or password is Social engineering. second reason is system has week privilege access management. If you have less control on admin id or privilege id then enter firm has to suffer along with the customer of that firm. For me the take away of this event is to protect privilege ID and you good PAM PIM tool with two factor and UBA included.

Russell Webster · Answer 6 · 2020-07-17T22:19:33Z

Russell Webster

VP and Sr. Manager at a financial services firm with 1,001-5,000 employees

Real User

17 July 20

Span of control, Solid RBAC, Privileged Access Management (PAM)