Express Computer
Home  »  Internet  »  Twitter beefs up security for internal tools from potential misuse

Twitter beefs up security for internal tools from potential misuse

0 268

To further secure its internal tools from potential misuse after the massive crypto hack in July, Twitter has rolled out phishing-resistant security keys, requiring its team to use them when authenticating to systems around the world.

The move, the company said, is to help reduce the risk of an unauthorised third-party gaining access to Twitter internal systems using compromised employee credentials.

The July 15 hack resulted in Twitter profiles for celebrities, executives and public figures sending out tweets advertising a bitcoin scam.

Twitter then admitted that the hackers “targeted a small number of employees through a phone spear phishing attack,” that “relies on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

The micro-blogging platform said this week that it has beefed up its access management processes and authentication systems.

“To further secure our internal tools from potential misuse, we have been strengthening the rigorous checks that team members with access must undergo. This also helps reduce the potential for an unauthorised person to get access to our systems,” Twitter CTO Parag Agrawal said.

He said that internal detection and monitoring tools “are constantly being improved, even since the July incident, to include things like expanding our detection and response efforts to include suspicious authentication and access activity”.

In addition to requiring security and privacy and data pProtection training for all newly hired Twitter employees, the company has introduced new courses and increased the frequency and availability of existing courses for all employees.

“For example, we introduced two new mandatory training sessions for people who have access to non-public information. These trainings make clear the dos and don’ts when accessing this information and ensure employees understand how to protect themselves when they are online so they can better avoid becoming phishing targets for attackers,” Agrawal explained.

By targeting specific Twitter employees in July, the hackers were able to gain access to internal Twitter tools and targeted 130 Twitter accounts, tweeted from 45 of them, accessed the DMs of 36 accounts, and downloaded the Twitter data of seven.

In addition to existing security training courses, Twitter said it has also enhanced training content on secure coding, threat modeling, privacy impact assessments, and privacy by design.

“We are continuing to invest more in the teams, technology, and resources to support this critical work,” it added.

–IANS

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image