Improve Twitter passwords, experts warn after minister’s account hacked
Northern Ireland secretary Chris Heaton-Harris apologised after “some deeply unpleasant stuff” was posted to his account.
The hacking of public figures’ Twitter accounts does not mean the social media giant has major internal security problems, cybersecurity experts have said, but they have urged users to improve their account security.
The Twitter account of Northern Ireland Secretary Chris Heaton-Harris has become the latest to be compromised as a string of offensive messages was posted before being deleted. It comes only days after the Twitter profile of Education Secretary Gillian Keegan also fell victim to hackers.
In a string of high-profile hacking incidents, Piers Morgan’s account has also been compromised in recent weeks.
In the wake of Elon Musk’s takeover of the social media platform and the departure of around half the company’s staff amid a ‘chaotic’ staff restructuring, there have been concerns raised over the strength and responsiveness of Twitter’s security systems.
But cybersecurity experts have suggested that the biggest direct security threat to users is not in fact any internal issues at the company, but not taking their own personal account security seriously.
Research has shown that many internet users reuse passwords or use simple and easy-to-guess phrases for their login details.
Javvad Malik, lead security awareness advocate at KnowBe4 acknowledged that former Twitter head of security-turned-whistleblower Peiter Zatko had painted a “very unflattering picture” of Twitter’s security controls in a disclosure last year – which had claimed the site had a number of vulnerabilities – but argued individual user security was the key issue.
“That isn’t to say that Twitter is much worse than many other social media or cloud providers. It’s just among the most visible. And that visibility is what paints a huge target on its back,” he said.
“When we hear of Twitter accounts being compromised, it’s not necessarily due to some technical issues within the platform.
In response, he encouraged Twitter users to think more carefully about how they secure and use their accounts.
“All accounts, but particularly prominent ones, need to be mindful of what they post on Twitter, especially in private DMs,” he said.
“They should use a unique and strong password, and enable multi-factor authentication.
“Additionally, any access to third-party apps should be regularly reviewed and revoked when no longer required.
“Finally, they should be mindful of any communication which appears to be originating from Twitter and not click on links in emails, but rather directly go to Twitter and take any required action.”
“Although the leak does raise questions about how fast Twitter is able to identify vulnerabilities, we think users can be reasonably confident in its cybersecurity,” he said.
Twitter is a business with plenty of resources and has historically had sophisticated cybersecurity.
“That the leak coincides with the ownership chaos of the last few months at Twitter seems more like a case of coincidence or bad luck than one of a decline in its security capabilities.”
Responding to the hack of his account, Northern Ireland Secretary Mr Heaton-Harris said: “I’m afraid my Twitter account was hacked overnight and someone posted some deeply unpleasant stuff on my account for which I can only apologise.”