The solution Twitter (and every other big tech company) needs

On July 15th, 2020, the Twitter accounts of some of the platform’s most famous and influential users, including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, were hacked.


While the clear external intent of these hacks was to acquire Bitcoin, the hackers may have also gained access to these users’ DMs and other personal information.
According to the preliminary report on the attack, it appears the hackers coordinated social engineering attacks that successfully targeted some Twitter employees with access to internal systems and tools. While the story is still developing, one source stated that a Twitter employee may have been paid off to give hackers access to a tool that provides deep control over high-profile Twitter accounts.
Imagine if the hackers had tweeted something more dangerous from these accounts.
Imagine what information the hackers now have if they were able to access DMs (remember the Bezos hack on WhatsApp?).
Although we can’t say for certain at this time, the Twitter hack may have resulted, in part, from centralized credential/identity storage and internal threats – both of which present enormous problems and security vulnerabilities. This type of storage is a treasure chest of credentials and information that can lead to a myriad of different hacks and attacks.

What is centralized credential/identity storage? It’s a treasure chest of goodies!

Think about it like this – you have a steel room where you store everyone’s credentials (usernames and passwords). You keep adding layers and layers of steel, as well as other security measures, but you still need to have a few doors to be able to access the information.
As you add more and more credentials, the value of the stuff in the room increases, making it a more lucrative target for hackers.
Some people have the keys to the doors, making them a target. Rather than breaking into the room, hackers just need to convince (or trick) someone to open the door for them.
It sounds so obvious, yet this outdated approach of centralized storage of sensitive information is still used widely by many of the largest companies in the world!

What “goodies” were the hackers after? Passwords.

Accounting for over 80% of all data breaches, passwords remain the Achilles heel of data protection. Where there is a password, there’s a vulnerability, which is why a movement for passwordless identity is emerging.

A better, safer approach

We believe that the best way to prevent such attacks, and to provide the privacy and security that people deserve, is through zero-knowledge identity that is stored and secured by 2FA at the endpoints and password-free authentication. This approach eliminates impersonation and reading/posting of content and messages.
We’ve developed and patented technology that does just that. Today, we use our technology to power our secure communication app called LockDown. You can get the app on iPhone and Android. Our Mac and Windows versions will be released by the end of the month.
As for solving Twitter’s problem – we’d welcome the conversation! We can help!

 


A.J. Auld, CEO of LockDown, is a versatile entrepreneur, experienced in turning complex technologies into successful businesses. At LockDown, A.J. is bringing revolutionary encryption technology to market in the form of an intuitive, easy-to-use communication platform for sharing confidential information with more control and security than ever before. Prior to LockDown, A.J. founded several successful companies including Distributed Alpha, a Blockchain/cryptocurrency investment firm; Bright Discounts, a fundraising company; and Titanium Lacrosse, a sports management company, which was acquired in 2015. A.J is a Columbus Business First “Forty under 40” awardee and received a degree in Finance and Entrepreneurship from Miami University.
