HomeMalware & ThreatsDefending Against Corporate Social Media Account Takeovers

Defending Against Corporate Social Media Account Takeovers

Published on

spot_img

The recent hijacking of the official @SECgov Twitter account has raised concerns about the security of corporate social media accounts. The account was compromised, and fake cryptocurrency news was broadcast, causing a temporary surge in the value of bitcoin. This incident has highlighted the vulnerability of social media accounts, especially those tied to government agencies and high-profile organizations.

Security expert Rachel Tobac emphasized the importance of using multifactor authentication and fit-for-purpose password management tools to secure social media accounts. She recommended the use of group password managers and group password manager MFA tools to enhance security.

The account takeover incidents involving the official X account for Google Cloud’s Mandiant incident response group and the @SECgov account have highlighted the need for stronger security measures. Both organizations were not using multifactor authentication (MFA), which could have prevented the unauthorized access to their accounts.

Mandiant explained that usability problems and a change in X’s MFA policy had left their account vulnerable to a brute-force password guessing attack. The company acknowledged that the absence of MFA had contributed to the security breach.

Similarly, the SEC attributed the account takeover to a SIM swapping attack, which allowed the attacker to trigger a password reset and take control of the account. The SEC revealed that employees had requested the disabling of MFA for its official X account due to accessibility issues, a decision that ultimately contributed to the security breach.

The incidents have reignited discussions about the best practices for securing corporate social media accounts. Many organizations now use social media management platforms, such as Hootsuite and Sprout Social, to facilitate easier scheduling, cross-posting, and delegated access across multiple employees.

Tobac recommended using group password managers and group MFA through password managers for added security when using social media management platforms. She also advised against tying phone numbers to social media accounts to block the use of SIM swapping attacks.

The SEC’s failure to use MFA has received criticism, especially considering that the agency enforces MFA requirements for the publicly traded companies it regulates. Furthermore, the decision by X CEO Elon Musk to deactivate SMS-based MFA for nonpremium accounts has been questioned by security experts, who argue that all multifactor authentication should be free, accessible, and easy to use.

The recent account takeover incidents serve as a reminder of the importance of implementing strong security measures for corporate social media accounts. As fraudsters and scammers continue to target high-profile accounts, organizations must prioritize the use of multifactor authentication and robust password management tools to minimize the risk of unauthorized access and fraudulent activity on social media platforms.

Source link

Latest articles

ModHeader Chrome Extension Exposes 900,000 Users to Possible Browsing History Theft

Security Vulnerability Unveiled in Popular Chrome Extension ModHeader A significant security vulnerability has been identified...

Bipartisan House Bill Advocates for AI in Pediatric Cancer Care

A newly proposed bipartisan legislation in the United States aims to significantly accelerate the...

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...

Governments to Enterprises: Enhance Your Router Security Practices

Cybersecurity Vulnerabilities Rise as Actors Exploit Cisco Flaws Recent reports have highlighted a concerning trend...

More like this

ModHeader Chrome Extension Exposes 900,000 Users to Possible Browsing History Theft

Security Vulnerability Unveiled in Popular Chrome Extension ModHeader A significant security vulnerability has been identified...

Bipartisan House Bill Advocates for AI in Pediatric Cancer Care

A newly proposed bipartisan legislation in the United States aims to significantly accelerate the...

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...