By Chester Wisniewski
It would appear that 2014 is starting off on a sour note for the folks in Microsoft’s social media team. The Syrian Electronic Army (SEA) appears to have compromised Skype’s Twitter account. Skype was acquired by Microsoft in 2011.
There is evidence to suggest they were able to gain access to Skype’s Facebook and WordPress blogs as well, likely indicating either shared passwords or perhaps compromise of Skype employees’ email accounts.
This isn’t entirely surprising, as the FBI had issued a warning on Christmas Eve to media organizations about a new wave of phishing attacks associated with the infamous SEA.
Skype has more than 3 million followers on Twitter, which indicates that, had the attackers wanted to send out malicious links or other dangerous content, this could have been a whole lot worse.
What I would like to know is why on earth a company social media profile with over 3 million followers would not be using two-factor authentication.
Earlier this year Twitter rolled out an improved two-factor solution seemingly in response to previous attacks by the SEA.
WordPress offers two-factor authentication and Facebook has supported two-factor authentication for a couple of years now, all in an attempt to prevent this exact type of attack.
Microsoft, would you care to explain why you apparently are not using it?
I believe it is the responsibility of organizations with a large number of followers to do whatever they can to secure their profiles.
I suppose this can be a lesson to the rest of us. Take advantage of the safety net of two-factor authentication whenever possible. While it may be less than perfect, so are you.
About Chester Wisniewski
Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. He wrote this for the Sophos Naked Security blog. Sophos is headquartered in Oxford, UK, www.sophos.com.