Nathaniel Fick, the US’s first “ambassador-at-large” for cyberspace and digital policy, Tweeted last week that his personal Twitter account had been hacked.
My account has been hacked. Perils of the job…
— Nate Fick (@ncfick) February 5, 2023
- This is a good one to show to CEOs and boards to reinforce that they are also likely targets. “Hacking” a Twitter account usually means that the person’s email address and password were obtained in some other breach and the bad guys tried that combination on Twitter. Remind them (or do it for them) how to do a “Have I been pwned?” check and, when the answer is yes (as it always is), what to do from there – ideally move to 2FA, at minimum change the password.
- This isn’t just a thought exercise: make sure you’re enabling whatever strong authentication options are available, not just for high visibility accounts like this but also personal ones. Those are going to be targeted to see if a trust relationship with the visible account can be exploited. Make sure you’re not overlooking abandoned accounts which you never got around to canceling. Ring up those in your organization with these types of accounts and make sure they understand this and know you’re looking out for them, just in case something got lost in translation.
- Let this be a reminder to all of us that good cybersecurity hygiene means more than bank accounts and email!
- Twitter offers optional MFA. One wonders if he was using it.
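The “Have I been pwned?” check the editors recommend can be automated without ever sending a password off the machine. The example below is added here and is not code from the original page or from the editors; it assumes the documented Pwned Passwords range API (the client sends only the first five hex characters of the password’s SHA-1 to https://api.pwnedpasswords.com/range/<prefix> and receives “SUFFIX:COUNT” lines back). The HTTP response used here is a constructed sample so the code runs offline; the counts and the extra suffixes in it are made up.

```python
"""Pwned Passwords k-anonymity range check (added example, not from the original page).

Only the 5-character SHA-1 prefix is transmitted; the 35-character suffix is
matched locally against the returned range. The sample response below is
constructed for this example, so everything runs offline.
"""
import hashlib
import urllib.request

RANGE_API = "https://api.pwnedpasswords.com/range/"  # documented Pwned Passwords endpoint

# Constructed sample response for prefix 5BAA6 (SHA-1("password") starts with 5BAA6).
# Counts and the other suffixes are made up; the ":0" line mimics the padding
# entries the API adds when the client sends the "Add-Padding: true" header.
SAMPLE_RANGE_5BAA6 = (
    "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    "1E2AAA439972480CEC7F16C795BBB429372:0\r\n"
    "\r\n"
)


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix that
    is sent to the API and the 35-char suffix that never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; tolerates blank lines and CRLF."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for the HTTP call: serves the constructed sample for 5BAA6 and an
    empty range for any other prefix. Checks that only a 5-char hex prefix is sent."""
    assert len(prefix) == 5 and all(c in "0123456789ABCDEF" for c in prefix)
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def fetch_range_live(prefix: str) -> str:
    """Real lookup against the documented endpoint (not used by the offline demo).
    Add-Padding asks the service to pad the response so its size leaks nothing."""
    req = urllib.request.Request(
        RANGE_API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-range-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range=fetch_range_offline) -> int:
    """Number of breach occurrences for the password; 0 means not found
    (padding entries carry a count of 0 and therefore also read as not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def password_acceptable(password: str, fetch_range=fetch_range_offline) -> bool:
    """Policy used by this example: any non-zero count means the password has
    appeared in a breach and must not be used or reused."""
    return pwned_count(password, fetch_range) == 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw), "breach occurrences")
```

To run it against the real service, pass `fetch_range_live` as the `fetch_range` argument; the wire traffic still contains only the five-character prefix, which is the point of the range API. The email-address side of a breach check is a different, authenticated API and is not covered here.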
Read more in