It’s no longer news that the world witnessed a high-profile cyberattack on Twitter this week, a development many described as the latest and most significant breach in the social-media company’s history.
Though the hack, which is currently being investigated by the FBI, apparently targeted mainly celebrities, politicians and billionaires like Barack Obama, Bill Gates, Elon Musk and Kanye West among others, by making their accounts post tweets they didn’t compose, it raises questions about the security of Twitter for everyday users.
According to a Wall Street Journal, below are guides for Twitter users concerned about whether it’s safe to stay on the platform:
What happened in the hack?
* Twitter said it believes the hackers carried out their attack by targeting employees who had access to the company’s internal systems and tools. In response, the company also restricted some users’ ability to tweet or reset passwords, among other account actions. The company on Thursday said its investigation is continuing.
How can everyday users enhance the security of their Twitter accounts?
* One way is to implement two-factor authentication, which requires a user to input a password and a security key as an extra layer of security to log in.
To do this for Twitter, click “more” on the side menu, then “settings” and “privacy.” Tap “Two-factor authentication” and choose either text message, authentication app or security key.
Keep in mind this won’t help much, though, if the entire platform is hacked. Twitter said Thursday it had no evidence that attackers accessed passwords and didn’t believe users needed to reset their passwords.
Users of Twitter or any online platform should plan ahead in the event of a hack, said Sean Kanuck, chief of consulting firm Exedec International LLC and former U.S. national intelligence officer for cyber issues. For example, consider creating a list of emails or phone numbers for key people in your network to quickly alert in case of a breach.
He also recommends taking screenshots of any tweets or direct messages that you want to keep secure.
For users still worried about security, forgoing Twitter might make sense, Mr. Kanuck said.
“There is no such thing as a fully secure computer, app or network,” he said. “Ask yourself, what is your risk tolerance? What’s at stake?”
If hackers were able to access people’s direct messages, would end-to-end encryption help protect Twitter users?
* End-to-end encryption prevents anyone from seeing users’ messages other than the recipient, including the platforms on which they’ve been sent. The technology can be found in apps such as Facebook Inc.’s WhatsApp and Apple Inc.’s iMessage, but Twitter’s direct-messaging system doesn’t have it.
Twitter has said it was investigating whether hackers accessed users’ information beyond making bogus posts.
That said, one way Twitter users can safeguard their messages from landing in hackers’ hands is to delete them as soon as they’re no longer needed, said Jeremiah Grossman, chief of Bit Discovery Inc., a firm that provides digital asset inventory services.
Twitter has the ability to access those messages, as well as any third-party applications to which a user has granted account access, he said. But once deleted, it would be difficult for most hackers to see them.
Will the most recent hack change how companies, public agencies, organizations or individuals use Twitter?
Cybersecurity analysts say the social-media platform is likely to learn from the incident and improve platform security following the hack. That could help bolster confidence of users, which range from companies to public-safety agencies, that rely on Twitter to share information with the public.
Mark Ostrowski, head of engineering at security firm Check Point Software Technologies Inc., said he expects Twitter to ramp up employee training on how to avoid phishing scams as well as to reduce the number of employees with access to information of value to hackers.
Late Wednesday Twitter said it was moving in this direction, tweeting: “Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing.”
Given the popularity of social-media platforms—Twitter had 166 million daily users as of the first quarter of this year—it’s unlikely that people or businesses will stop using them, said Mr. Ostrowski. “It’s a tough thing to change overnight,” he said. Social media has “become part of our daily routine.”
An exception might be users who are sensitive to privacy, such as advocacy groups, schools and law enforcement. These groups will likely be more careful moving forward.
