Information Technology Case: Twitter Data Breach
SOUTHERN NEW HAMPSHIRE UNIVERSITY
Student: James L. Bradden
Professor: Pamela Boyett
Date: 10 October 2020
4-2 Final Project Milestone Two: Case Analysis and Incident Impacts
Twitter Data Breach
The case involves a hack that hit several individuals with high profile users such as Elon mask, Jeff Bezos, U.S presidential candidate Joe Biden, Apple, and Uber, to mention a few. The organization suggests that the hack was a result of a well-planned social engineering attack. The attack was called a horror since the world’s most influential individuals had their accounts hijacked (Salahdine & Kaabouch, 2019). The hack involved fake tweets that were suggesting that any amount of bitcoin sent to a link provided in the tweet would be sent back double the amount. Unlike the previous attacks on Twitter, which mainly targeted a single account, this attack targeted the account holders themselves. It had the possibility of affecting all accounts since it gets to the internal backend of the system.
According to Twitter, some of their employee’s personal devices led to this, creating vulnerability to the main system where hackers were able to gain access to the internal tools leading to the breach. One of the ethical issues within the Twitter organization is that some of the employees were used by the hackers to do all their activities for the attack, which shows a lack of employees’ trustworthiness in the organization. It was found that an internal employee was used in this hack to reset involved email locations of hacked accounts to complicate the process of the account holders regaining control. Lack of proper employee training of the organization’s policies and regulations is another ethical factor that could have led to this attack.
One of the legal compliance issues within the Twitter organization is that it has poor data loss prevention, which reduces the possibility of losing data by limiting access to sensitive information. According to the organization, it was one of its employees who had assisted the attackers in accessing the system tools where the hacker was able to access all information that was unrestricted to the employee. The organization requires beginning sensitive sorting information such as personal data and intellectual property and making sure that all employees have access to the information they require to avoid cases where the employees can leak sensitive data to outside attackers (Mubarak, 2016). After a thorough investigation, the organization reported that hackers had accessed the private direct message and used the account takeover to promote the bitcoin scam, which resulted in individuals sending around $120,000 cryptocurrency to a digital wallet address attached in the messages.
As an organization that has faced a number of attacks, it has since then ensured that it has further secured its network via the installation of additional firewalls and malware software. Though this is a good start, these security measures are not effective if employees are connecting their personal devices to the network. Most users have stored passwords, which would make it easier for hackers to access that information in order to gain unrestricted access to the organization’s protected data. Additionally, allowing employees to access the organizational network via public networks using their personal devices is not a good practice. This lack of proper work from home guidelines is another weakness that the hacker could have exploited. Working from should require a level of security in which the employee can gain access to organizational information via a VPN.
Recent research shows that more than 22% of internet users in America use Twitter, whereby around 8% of the amount are teens. With regard to gender, males have a higher likely hood of actively using Twitter than women. From this information, it is clear that in cases where Twitter is attacked, such as the bitcoin case, males and teens are the ones who are most impacted by the breach.
4-2 Final Project Milestone Two: Case Analysis and Incident Impacts
According to Twitter, the recent data breach took place through a well-coordinated social engineering strategy to persuade the organization’s employees to give the hackers direct access to the main system. By using an attack known as “phone spear phishing,” the hackers were able to prompt the employees to give them the information required to access the system. At present, Twitter is still working on data breach issues. This incident had the most significant impact on the legal and ethical information technology regulations of the present time. This is the third security breach that has taken place on Twitters’ network since the organization made the 2011 decree consent with the federal trade commission due to weaknesses in their security activities.
Twitter serves to improve public communication between individuals with rules in place to make sure that all users take part in public conversation freely and safely. This is similar to the IT standards that focus on system and data security to ensure that services delivered are efficient to provide customer satisfaction while reducing competition in this ever-growing field. Twitter standards ensure that there is quality management for the content made public as a major security responsibility. In the current, highly competitive social media sector, Twitter has strived through continuously improving its operations to gain a competitive edge over their competitors. Like the standards of information technology, Twitter standards ensure that there are several legal, contractual, and regulatory compliances in place regarding their data security management systems. Although Twitter has very standardized views as a business, there is a misappropriation of security-related standards required in the protection of user information. In the past several years, the organization has been faced with many instances where user information was at risk. The failure of Twitter to adequately protect system access is what led to the breach, such as the current incident causing significant brand and reputation damage, which had destructive financial results. Adhering to network security standards, the implementation of proper access controls, and reliable system technology allows for the immediate mitigation of vulnerabilities and the reduction of data loss.
The data breach that took place on Twitter has had some cultural impacts on information technology, cyber communication, and commerce. Organizations that have had similar experiences have adopted new requirements such as the frequent changing of passwords and identity monitoring, among other activities. Most web-based businesses have started to notice that they have to improve their information security to eliminate or reduce the possibility of data loss (Juma’h & Alnsour, 2020). After the Twitter data breach, organizations have started providing employee security awareness training to better prepare them on how to recognize and react to suspicious emails, as well as, to protect their personal information.
Juma’h, A. H., & Alnsour, Y. (2020). The effect of data breaches on company performance.
International Journal of Accounting & Information Management.
Mubarak, S. (2016). Developing a theory-based information security management framework for human service organizations. Journal of Information, Communication, and Ethics in Society.
Salahdine, F., & Kaabouch, N. (2019). Social engineering attacks: A survey. Future Internet, 11(4), 89.
Syed, R., & Dhillon, G. (2015). Dynamics of data breaches in online social networks: Understanding threats to organizational information security reputation.