Twitter email account hack was multi-vectored but tapped into poor security safeguards, says Imperva

(PresseBox) (Burlington, MA/Redwood Shores, CA)
The hacking of a Twitter senior executive's email account involved a complex series of events but, says Imperva, the data security specialist, it was the end result of a combination of poor security practices and safeguards.

"As expected, the modus operandi of the hacker that emailed the Twitter planning documents to TechCrunch has now been revealed, and it shows that it is possible for a hacker to retrieve an account password for a legitimate user's cloud-based email service," said Amichai Shulman, Imperva's chief technology officer.

"If you examine what actually happened, it's clear that the security system for retrieving an account password in the cloud needs to be every bit as rigorous as a customer calling, for example, their bank and identifying themselves over the phone," he added.

According to Shulman, people using cloud-based services are happy to respond to 'secret questions' such as "your childhood hero", "your pet's name" and "your mother's maiden name."

Whilst these answers, he says, are likely to be unique and relatively difficult to guess on a purely random basis, they can often be second guessed by careful observation of a person's social networking site records, which then paint a very good picture of someone's likes and dislikes.

"Because of these security shortcomings - which legal professionals may yet argue about in court if Twitter does decide to sue those concerned for publishing the data - the big question is who is to blame for this highly public account hack?"

Is it the fault of the email service provider or Twitter, or the senior manager concerned? says the Imperva CTO.

Or is it, as we surmise, a combination of circumstances and security failures that have conspired to create the situation?

The reality of the Twitter email account hack, says Shulman, is that the hacker exploited a complex set of security shortcomings to reach his goal of gaining unauthorised access to the documents in question.

"Companies should take note of this risk and plan their security safeguards accordingly. Today, most companies haven't properly considered the implications of employees using social networking and the information," he said.
