Credit: Michael Kan
Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it.
It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.
The problem revolves around the service’s password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.
A hacker who goes by the name WauchulaGhost noticed the problem and began tweeting about it. He found that the @POTUS account was secured with a Gmail address that, although partially redacted, could be guessed as belonging to a Trump aide in charge of social media.
The hacker found the same issue with the Twitter accounts for the vice president, the first lady and Trump’s press secretary, all of which were also secured with Gmail addresses.
“It’s not hard to figure the emails out from there,” WauchulaGhost tweeted. “Once the email is exposed, there is a chance it can be compromised.”
Change your security settings
Exposing your email address to the public may seem harmless. But for government officials or business executives, it can be asking for trouble.
That’s what happened in last year’s election. An aide to presidential candidate Hillary Clinton was hacked by suspected Russian cyberspies through a phishing attack sent to his Gmail address. His emails were eventually stolen and leaked to the public.
A hack can be even more devastating if it affects a high-profile Twitter account. But anyone can be a target of such attacks, said Felix Odigie, CEO of Inspired eLearning, a company that specializes in security awareness training.
“People don’t really believe these threat actors are real, or they don’t believe it’s going to happen to them,” he said. “But it’s probably only a matter of time before you get hit at some point.”
To prevent exposing your email address over Twitter, you can go into your account’s security settings and click “Require personal information to reset my password.” That’ll force anyone trying to reset your password to enter the correct email address or phone number to continue.
Use two-factor authentication and secure IT monitoring
Securing a presidential Twitter account with a Gmail address highlights another problem: Why are White House officials using third-party email providers?