Early suggestions are that the hackers managed to gain administrative privileges, which allowed them to bypass the passwords of any account they wanted.
Twitter has said that the hack is believed to be a co-ordinated social-engineering attack by persons who successfully targeted some of its employees who had access to internal systems and tools.
“Social-engineering” could mean one of several things.
It might imply a targeted phishing operation – a common tactic employed by cyber-criminals, who find out which individuals have the keys to a system and then target them with personal emails that trick them into handing over details.
Or it might mean the perpetrators managed to convince one or several staff members to go rogue, by offering a financial inducement or other means.
The exact details of how the cyber-attack happened are not yet fully known.
What are the implications of this security incident?
It was an unprecedented attack on privacy, trust and security.
It had a huge impact, as the tweets had a reach of at least 350 million people.
Because Twitter is the platform of choice for some of the most powerful and prominent people in the world, the attack will come at a cost to its reputation.
This hack shows just how vulnerable social-media platforms are.
It also shows how vulnerable users (who paid in bitcoins) are to disinformation.
With 2020 being an election year in the USA, there are now valid questions about whether Twitter can be relied upon in the lead-up to the elections.
Way Ahead – what steps need to be taken?
As social media platforms are also used as warning systems, and for publication of news, they need to be extra careful with security.
Social media platforms also need to have contingency plans ready.
Social media companies need to spend more on security (there is no law regarding this as of now).
There is a need for comprehensive and strict laws on cyber security.
India is yet to come out with a national cybersecurity policy or to mandate that companies carry out such checks.
Conclusion
As more people adjust to online activities, there is a need to look at cybersecurity as a necessary spend.
Did You Know?
Beyond a potential loss of trust, Twitter may now face legal consequences too.
The EU’s General Data Protection Regulation (GDPR) says organisations such as Twitter have to show “appropriate” levels of security.
And if data-protection officers judge that Twitter failed to take adequate measures to protect European users, it could be fined.
Connecting the dots:
Critical analysis of Social Media
EU’s General Data Protection Regulation (GDPR) and Justice B. N. Srikrishna Committee report on data protection regime