18 Jul Twitter Sends Its Employees Back To School For Cybersecurity Training

Post hack classes to focus on social engineering attacks

–Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Jul. 18, 2020

In the wake of a hack targeting 130 user accounts, 45 of which were compromised allowing hackers to initiate a password reset, login, and send Tweets, Twitter, Inc. (NYSE: TWTR) announced they are providing additional training to its employees in order to guard against social engineering tactics.

Last summer, the headline news surrounding Twitter was a “Hack on @Jack,” its CEO Jack Dorsey, who fell victim to a SIM Swap attack.

The latest cyber intrusions to hit Twitter involve high profile accounts owned by Bill Gates, Elon Musk, Jeff Bezos, Kim Kardashian, Apple, and dozens of others.

A new update from Twitter on the security incident, which they detected on July 15, sheds details on what happened, and what the social media giant is doing about it.

We’re sharing a blog post that collects the latest on our investigation. It reiterates what we’ve already shared here, and includes a few new findings. https://t.co/8mN4NYWZ3O

— Twitter Support (@TwitterSupport) July 18, 2020

If you think that humans are the weakest link in security, then you don’t have to think again. The perpetrators pulled off a social engineering attack — talking their way into the user accounts by manipulating Twitter employees into divulging confidential information.

“The bad actor(s) used social engineering to pwn Twitter and get access to their admin tools/panels,” tweets Kevin Mitnick, often referred to as the world’s most famous hacker, Chief Hacking Officer at KnowBe4, and author of the book, “The Art of Deception: Controlling the Human Element of Security,” a best-selling insider’s view of the low-tech threats to high-tech security. 

Shock, horror! The bad actor(s) used social engineering to pwn twitter and get access to their admin tools/panels.
It looks like @Twitter can use
some security awareness training to mitigate future attacks.
The human is always the weakest link.
I think I heard that somewhere. 😉 https://t.co/BTvRDxq5ga

— Kevin Mitnick (@kevinmitnick) July 16, 2020

The Twitter post names four steps the company is focused on in the aftermath of the breached accounts. The last but not least is “Rolling out additional company-wide training to guard against social engineering tactics to supplement the training employees receive during onboarding and ongoing phishing exercises throughout the year.”

Time will tell if Twitter can effectively train its employees on security to build the human firewall it desperately needs.

– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.