This weekend, the top American cybersecurity diplomat shrugged off the hacking of his Twitter account, describing the incident as “part of the perils of the job.”
Though it is unclear who was responsible for the hack, or whether any unauthorized posts were made, Nate Fick – who was named in June to lead the newly formed Bureau of Cyberspace and Digital Policy – simply noted, “My account has been hacked. Perils of the job…”
Fick is a Marine Corps veteran and the former chief executive of cybersecurity company Endgame Inc. He also noted that he uses this personal account very rarely, and that his work is promoted via an official State Department account.
Roger Entner of Recon Analytics, a technology industry analyst, said, “Nobody’s safe from being hacked or using an easily cracked password.”
It is not clear how Fick’s account was hacked or what security measures he had taken. The incident serves as a warning that anyone can become a victim of an attack like this.
Although compromised social media accounts can cause serious problems, the risk is frequently underestimated by organizations and individuals. Hackers can change account recovery emails and phone numbers, locking out account owners. It can prove difficult for the average Joe to resolve this, as most social media platforms use automated processes to confirm and recover accounts. “These are not always possible because attackers have altered the recovery information,” warned Erich Kron, KnowBe4’s security awareness advocate.
What’s the harm?
Although it appears that there have not been any malicious tweets in this instance, that is not always the case. A hacked social media account can have more serious consequences than offensive tweets.
Kron explained that by taking control of an account, attackers can read its direct messages and use it to launch social engineering attacks against followers. A real account, unlike a look-alike, carries an associated trust that makes social engineering more successful, particularly if it is an official or well-known account.
The hack may have been related to Fick using the personal account infrequently. It is a reminder that accounts remain active even when you “take a break” from or leave social media. Just because a user has stopped posting does not mean they are less likely to be targeted.
Likewise, such accounts can be out of sight and thus completely out of mind – until it is too late. Even if you only use a few social media sites, it’s important to maintain the same level of security on them as on your daily accounts.
Kron said, “To protect accounts, users should use a unique password, that is, if possible, complex, and enable multi-factor authentication (MFA).”
This extra step can also help reveal whether someone has attempted to log in to an account – even if it isn’t being actively used. MFA requests can be sent by email or text message and can alert you to unauthorized activity.
Kron noted that MFA is not a solution to all attacks, but it adds a layer of difficulty for attackers. He also warned against using common passwords on social media accounts. Because people reuse passwords in different places, usernames and passwords stolen elsewhere can be used in credential stuffing attacks against social media accounts.