2020-07-17T09:44:00Z
Menachem D Pritzker - PeerSpot reviewer
Sr. Director of Growth at PeerSpot (formerly IT Central Station)

How was the 2020 Twitter Hack carried out? How could it have been prevented?

On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts were protected using two-factor authentication, which the hackers were somehow able to bypass.

Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, Kanye West, Benjamin Netanyahu, and several high-profile tech companies, including Apple and Uber.

The hackers posted variations of a message asking followers to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned.

How could Twitter have been better prepared for this? How do you rate their response?

6 Answers
Ken Shaurette - PeerSpot reviewer
Director InfoSec and Audit at a manufacturing company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2020-07-17T11:07:07Z
17 July 20

For some good information from a leading expert check out the webinar today 7/17 on BrightTalk by Alex Holden. We have a lot of questions about the Twitter breach but not so many answers. I can tell you that similar cryptocurrency fraud campaigns are on-going on different social media platforms and on a different scale. Tomorrow (Friday) at 11 am CT on BrightTalk https://lnkd.in/eRuXaca We will discuss what we know about the breach and disturbing patterns that are emerging everywhere.

Menachem D Pritzker - PeerSpot reviewer
Sr. Director of Growth at PeerSpot (formerly IT Central Station)
User
20 July 20

@Ken Shaurette thanks! I missed it live, will catch the recording when I get a chance. What security platforms do you think would have done the best job at preventing the hack?

Ken Shaurette - PeerSpot reviewer
Director InfoSec and Audit at a manufacturing company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2020-07-23T15:10:18Z
23 July 20

I like the potential for catching an unusual activity like that with our recently implemented endpoint detection tool, Cynet360.  It seems so far to have about the highest level of transparency into the endpoint with a 24x7x365 backing of monitoring.  

Prasanna VA - PeerSpot reviewer
Senior Technical Manager at Incedo Inc.
Real User
2020-08-10T15:14:01Z
10 August 20

It's understood that an internal tool was probably shared by an internal employee, as the RCA. The tool was used to reset the associated mail address of the account, and thereby to reset the password to one of choice. In the MFA of identity-related features, it is more secure to keep it with an associated mobile secure PIN or soft crypto code in future to avoid compromise; at this moment, that is the lesson learned.

JF
Security Analyst at a financial services firm with 201-500 employees
Real User
2020-08-07T22:33:50Z
07 August 20

The use of two factor authentication by Twitter

Paresh Makwana - PeerSpot reviewer
Director at a tech services company with 1-10 employees
Reseller
Top 20 Leaderboard
2020-07-20T10:07:07Z
20 July 20

This is an identity theft issue, which means someone hacks your password or account and does activity which he or she is not supposed to do. The basic reason for the hack of your identity or password is social engineering. The second reason is that the system has weak privileged access management. If you have less control over the admin ID or privileged ID, then the entire firm has to suffer along with the customers of that firm. For me the takeaway of this event is to protect privileged IDs and use a good PAM/PIM tool with two-factor and UBA included.

Russell Webster - PeerSpot reviewer
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
Real User
2020-07-17T22:19:33Z
17 July 20

Span of control, Solid RBAC, Privileged Access Management (PAM) 
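
Added example, not part of any answer above and not Twitter's or any vendor's code: a minimal UBA-style detection for the sequence described in the answers (an internal tool changes an account's e-mail address, then a password reset follows), with a second rule for one privileged ID doing this across many accounts. The log format, field names, actor IDs, times and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events from a hypothetical internal admin tool.
# Fields (timestamp, actor, action, target account) are assumptions.
SAMPLE_EVENTS = [
    ("2020-07-15T19:00:05", "agent_17", "email_change", "acct_A"),
    ("2020-07-15T19:01:10", "system", "password_reset", "acct_A"),
    ("2020-07-15T19:03:40", "agent_17", "email_change", "acct_B"),
    ("2020-07-15T19:04:02", "system", "password_reset", "acct_B"),
    ("2020-07-15T19:06:30", "agent_17", "email_change", "acct_C"),
    ("2020-07-15T19:07:15", "system", "password_reset", "acct_C"),
    ("2020-07-15T10:00:00", "agent_03", "email_change", "acct_D"),
    ("2020-07-15T16:30:00", "system", "password_reset", "acct_D"),
]

def find_takeover_chains(events, window=timedelta(minutes=10)):
    """Return (actor, account) pairs where an admin-initiated e-mail change
    is followed by a password reset on the same account within `window`."""
    parsed = sorted((datetime.fromisoformat(ts), actor, action, acct)
                    for ts, actor, action, acct in events)
    last_change = {}  # account -> (time, actor) of latest admin e-mail change
    chains = []
    for ts, actor, action, acct in parsed:
        if action == "email_change":
            last_change[acct] = (ts, actor)
        elif action == "password_reset" and acct in last_change:
            changed_at, admin = last_change.pop(acct)
            if ts - changed_at <= window:
                chains.append((admin, acct))
    return chains

def flag_actors(chains, threshold=3):
    """UBA-style rule: actors whose chains touch `threshold` or more accounts."""
    per_actor = defaultdict(set)
    for admin, acct in chains:
        per_actor[admin].add(acct)
    return sorted(a for a, accts in per_actor.items() if len(accts) >= threshold)

if __name__ == "__main__":
    chains = find_takeover_chains(SAMPLE_EVENTS)
    print(chains, flag_actors(chains))
```

The `agent_03` change is not flagged because the reset follows hours later; in practice the window and threshold would be tuned against the tool's normal support workload.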
