Experts concerned about Twitter’s ability to tweet on behalf of users

Cybersecurity experts warn that the July 15 Twitter hack shows that the social network needs to strengthen its security to avoid a worst-case "black swan" scenario with serious consequences.

In the most recent incident, attackers launched a Bitcoin scam by posting phishing messages through the hijacked profiles of celebrities and high-ranking political figures around the world, collecting more than 13 Bitcoin (BTC) from victims.

The attack could have been worse
Ilya Sachkov, CEO of the threat intelligence company Group-IB, believes the attack demonstrated a "huge problem of low financial literacy and poor cyber hygiene." He told Cointelegraph:

"This could have ended much worse, strongly affecting the stock market or even resulting in a geopolitical catastrophe. This is the least they could have done with the God-like access they had."

James Carder, chief security officer and vice president of LogRhythm Labs, said that in the midst of international efforts to contain the coronavirus outbreak, hackers are "quickly taking advantage and exploiting the uncertainty of this moment" for their financial gain.

Carder said experts need to assess how the attack was possible and noted the need for social networking platforms to strengthen their privacy protections:

"This hack also raises concerns about why Twitter gave its employees tweeting functionality on behalf of its customers in the first place. It is clear that social networking organizations need the ability to manage accounts, and in particular the ability to remove offensive or inappropriate content, but employees should not have access to post a totally unique tweet on behalf of a user. This points to a likely case of too much functionality available on the platform and insufficient robust controls."

The risk of another incident remains high
Brett Callow, threat analyst at the Emsisoft malware lab, said that the security measures Twitter has taken since the attack are probably not enough to rule out another such incident in the future.

"While Twitter will certainly work to improve its security, the fact is that there is no completely safe way to prevent accounts from being taken and similar incidents from almost certainly happening again, although hopefully not on this scale," he said.

As Cointelegraph reported earlier, the hackers who carried out the mass Twitter hijacking do not appear to be sophisticated Bitcoin users, as they left traces leading to major exchanges that presumably hold the keys to their identities.