
Why Twitter Can't Even Protect Tech CEOs From Getting Hacked (buzzfeed.com) 61

Over the past few weeks, we have seen a number of CEOs -- including Google's Sundar Pichai, and Facebook's Mark Zuckerberg -- become victims of Twitter hacks. One must ask, what's wrong with Twitter that so many people -- including high-profile names -- keep getting hacked? BuzzFeed dives deep into the problem, and says it's how Twitter interacts with third-party apps that's at fault. From the article:

Over the past several weeks, however, a three-person hacking team called OurMine has made clear that years after the problem first came to light, third-party authentication is still a security nightmare for Twitter. By gaining access to apps with third-party write access, OurMine has been able to post to the Twitter accounts of tech bigwigs like Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Uber CEO Travis Kalanick. In other words, whichever write-authorized app connected to your Twitter is least secure is exactly how secure your Twitter account is. [...] The public nature of Twitter, whose main point is to share information as quickly and widely as possible, has made these attacks a much bigger issue for Jack Dorsey's company than they are for Facebook. And there's very little Twitter can do to solve the problem that doesn't defeat the incentives for third-party writing privileges in the first place: Speed and functionality. Adding layers of security -- like an extra login -- to access Twitter through a third-party app defeats the purpose of speedy cross-platform sharing. And disabling third-party writing would anger developers and hurt engagement, a cost Twitter probably isn't willing to bear.
  • by codemaster2b ( 901536 ) on Friday July 01, 2016 @09:04AM (#52426293)

    While you can't fix the general weakness of the platform, there's nothing stopping Twitter from slapping on a "VIP" mark on special accounts, which will make any attempt to change passwords, etc, take extra steps and authentications.

    • Twitter already has a VIP badge [twitter.com], currently displayed as a white checkmark on a blue eight-lobed shape. Occasionally the loss of this badge

      What you recommend amounts to requiring all verified accounts to use 2-factor authentication. But that'll be impractical until Twitter starts allowing second factors other than SMS, such as TOTP (e.g. Google Authenticator) or a U2F key. As of the last time I checked, a single phone line could be associated with only one account [jessysaurusrex.com]. Trying to use a single phone line as the se

    • Comment removed based on user account deletion
      • Because you plebs don't deserve security. If someone hacks your account, posts as you, and tries to ruin your life... Twitter and social media companies simply do not care.

    • by mlts ( 1038732 )

      Maybe an option to turn all additional API stuff off, except for the web page? Facebook allows people to disable the third party app API platform.

    • by EvilSS ( 557649 )

      While you can't fix the general weakness of the platform, there's nothing stopping Twitter from slapping on a "VIP" mark on special accounts, which will make any attempt to change passwords, etc, take extra steps and authentications.

      That would have made no difference here however, since it wasn't Twitter but another application connected to Twitter that was compromised. They used the compromised application, which had been granted read/write access to their Twitter accounts by the account holders, to post tweets to their Twitter feeds.

      • by tepples ( 727027 )

        Could Twitter periodically ask users to revoke write privileges of apps with read/write access that haven't used a write call in 30 days?
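
The periodic review proposed in the comment above, sketched as an added example (not part of the original thread and not Twitter's code). The grant records, app names and the `read` / `read-write` scope labels are constructed assumptions; the 30-day window is the one the comment suggests.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class AppGrant:
    app: str                           # constructed app name
    scope: str                         # "read" or "read-write" (assumed labels)
    granted_at: datetime
    last_write_at: Optional[datetime]  # None = the app has never made a write call

def stale_write_grants(grants, now, max_idle=timedelta(days=30)):
    """Return (app, idle_days, never_wrote) for write grants idle longer than max_idle."""
    flagged = []
    for g in grants:
        if "write" not in g.scope:
            continue  # read-only grants cannot post, so they are out of scope
        # An app that never wrote is measured from the day it was authorized,
        # so a grant made yesterday is not flagged before it has had a chance to post.
        reference = g.last_write_at or g.granted_at
        idle = now - reference
        if idle > max_idle:
            flagged.append((g.app, idle.days, g.last_write_at is None))
    # Longest-idle first: those are the grants the user is least likely to miss.
    return sorted(flagged, key=lambda f: f[1], reverse=True)

# Constructed sample data for one account, evaluated at a fixed "now".
NOW = datetime(2016, 7, 1, tzinfo=timezone.utc)
GRANTS = [
    AppGrant("photo-crossposter", "read-write", NOW - timedelta(days=900), NOW - timedelta(days=640)),
    AppGrant("scheduler", "read-write", NOW - timedelta(days=200), NOW - timedelta(days=2)),
    AppGrant("analytics", "read", NOW - timedelta(days=400), None),
    AppGrant("quiz-game", "read-write", NOW - timedelta(days=45), None),
    AppGrant("new-client", "read-write", NOW - timedelta(days=3), None),
    AppGrant("edge-case", "read-write", NOW - timedelta(days=90), NOW - timedelta(days=30)),
]

if __name__ == "__main__":
    for app, days, never in stale_write_grants(GRANTS, NOW):
        note = "never posted" if never else f"last write {days} days ago"
        print(f"prompt to revoke write access: {app} ({note})")
```

Grants idle for exactly 30 days are not flagged; only those strictly past the window are.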

  • by The-Ixian ( 168184 ) on Friday July 01, 2016 @09:30AM (#52426495)

    Do people expect that CEOs have some magical power or distinction that makes them somehow less vulnerable to hacks?

    I would expect that, because of celebrity status, they would be hacked more than other people, not less.

  • by swb ( 14022 ) on Friday July 01, 2016 @09:57AM (#52426665)

    PR Manager: CEO Bob needs a twitter account. Can you set that up for him?

    PR Intern: You got it. OK, here's the account and password.

    CEO Bob: Hey, I need to get the twitter account on my phone and tablet.

    PR Manager: OK, we can add them.

    PR Intern: We need to change the password on CEO Bob's twitter account.

    PR Manager: We can't, he's in Davos/Aspen/St. Bart's and he won't know how to log back in.

    Hacked CEO Bob on Twitter: I suck! My company is a fraud!

  • by Cajun Hell ( 725246 ) on Friday July 01, 2016 @10:54AM (#52427041) Homepage Journal

    1) Think about why you post to Twitter. (Are you reaching anyone? If there actually is someone, is this the only way you can reach them? Is this an easy or convenient way to communicate? Does it help you express your ideas?)

    2) Draw a total blank. Stare into space a while. Make sure. (Hmm.. nope, still nothing.)

    3) Delete account.

    Twitter is one of the dumbest and least-useful ideas ever. Even Facebook is a good idea, a model of interactivity and convenient expression and dialog, compared to Twitter.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Young adults (and kids) are using twitter a lot more than over-40s. This isn't because the older generation is falling behind on the tech curve. This is because twitter is fucking stupid, and the kids haven't figured that out yet

    • Does it help you express your ideas?

      Twitter isn't for expressing ideas, Twitter is for posting news, some of general interest, some not. Twitter's popular for that precisely because it's not possible to post long rants there, and because condensed stupidity tends to at least be quotable.

      Twitter is a "sensory stream", not thought stream.

  • by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Friday July 01, 2016 @11:10AM (#52427165)

    There's an in-built assumption here that goes to the heart of the whole privacy debate: that people like Zuckerberg and Pichai deserve a higher standard of protection than the rest of us from having their private information accessed by people who may not have their best interests at heart.

  • by fahrbot-bot ( 874524 ) on Friday July 01, 2016 @11:19AM (#52427259)

    Over the past few weeks, we have seen a number of CEOs -- including Google's Sundar Pichai, and Facebook's Mark Zuckerberg -- become victims of Twitter hacks. One must ask, what's wrong with Twitter that so many people -- including high-profile names -- keep getting hacked?

    What does a person's status have anything to do with the ability for his/her Twitter account getting hacked? Passwords and/or protocols are either weak or not and don't play favorites based on a person's status.

  • ... well, obvious to me, anyway.

    In other words, whichever write-authorized app connected to your Twitter is least secure is exactly how secure your Twitter account is.

    So, does anyone keep a list of Twitter-connected apps (there is something other than logging on through the website?), and their relative security strengths?

  • Exactly what are the incentives for some of these CEOs to prevent their accounts from being hacked? How does it look bad for the CEO of Facebook or Google if their Twitter account is hacked? They can just point out that it wasn't their company's platform being breached.
