The Pentagon hack: Twitter needs to do more to prevent future breaches

Alina Lewis January 13, 2015, 17:18:51 IST

As most organisations have more than a single person looking after their Twitter accounts, passwords can easily get leaked out to unauthorised people, who would find passwords passed around in emails, notepads or sticky notes.

The Twitter account of the U.S. Central Command was hacked by people claiming to be sympathizers of the Islamic State militant group. Its official Twitter account was then used for sending pro-ISIS messages and two videos related to ISIS were posted.

This is not the first time that an influential Twitter account has been taken over by hackers. In the past, official Twitter accounts of politician Shashi Tharoor, the Israeli military and BBC’s weather service have also faced a similar fate. In 2013, a spate of attacks on accounts of prominent media outlets including the Associated Press, the Financial Times and The Onion, prompted the micro-blogging website to beef up its security.

But it looks like the steps it had then taken have not helped much.

As most organisations have more than a single person looking after their Twitter accounts, passwords can easily get leaked out to unauthorised people, who can find passwords passed around in emails, notepads or sticky notes. This can be mitigated to a certain extent by creating roles for people using a shared account, the way Facebook does with Pages. This would allow them to sign into Twitter with their personal Twitter accounts without giving them access to the login credentials of the official Twitter account. It would also show who in the organisation is tweeting from its Twitter account.

Another, albeit stronger, method of protecting Twitter passwords in an organisation is to use a password manager that supports multi-user credentials. KeePass, for example, assigns passwords for each user of a single account without revealing the actual username and password of a Twitter account.

If you don’t belong to an organisation and you can swear that you’ve never shared your login credentials with a second person, the only way to protect your Twitter account from being compromised is by creating a strong password. While Twitter encourages users to create passwords that are difficult to guess, it must not accept flimsy passwords when users create an account. Using numbers and special characters should be mandatory while choosing a password in order to prevent a potential security breach.
