Facing the Risks of Social Media Account Takeovers

Social media is playing an increasingly important role in global business marketing strategies – and for good reason. Social media has helped build international brand awareness, provide a new level of customer support and launch new products and ideas quicker than ever before.

However, as quickly as social media can build a global brand, it can tear one down at the hands of malicious insiders or hackers. And there’s money in it too. A recent report from Rand Research suggests that stolen Twitter accounts are now worth more than stolen credit cards. As cybercriminals become more sophisticated, they are also becoming more adept at stealing social media credentials and taking over accounts. We witnessed this from the hacks of several global organizations over the last year. For businesses, account takeovers can lead to the unauthorized publishing of confidential information, such as intellectual property, legal, regulatory and compliance violations, disclosure of personal data and identity theft. The results can produce lasting, compromised brand reputations and significant financial losses.

With more frequent attacks of this nature, it’s time for organizations to take a closer look at how they manage their social media accounts. The thought that “it won’t happen to me or my business” will cost everyone in the long run. It’s imperative that we take measures now to prevent hackers – as well as disgruntled employees or associates – from hijacking accounts and posting damaging content.

Social Media Hacks Are on the Rise

When a corporate social media account is compromised, unauthorized content can be viewed by millions of people across the world within seconds, causing untold damage.

For instance, in April of 2013, hackers (supposedly from the Syrian Electronic Army) accessed both the Associated Press’ (AP)and FIFA World Cup’s Twitter accounts. A single tweet from the APTwitter handle resulted in a $136.5 billion drop in the S&P 500 index’s value in minutes. The AP was able to trace the attack to one of its employees that may have inadvertently given away company passwords in a phishing scheme by hackers. For FIFA, they suffered diminished organization reputation over a tweet that suggested the decision to award Qatar the 2022 World Cup had been a result of monetary exchanges.

Burger King’s Twitter account was also targeted and compromised earlier in the year. During the hack, the company’s account was made to look like McDonald’s with a post that said Burger King had been sold to McDonald’s. This attack served as a wakeup call for all organizations that hackers are on the prowl for access into social media accounts. In fact, a day after the Burger King incident, a similar attack – possibly by the same group behind the food chain’s attack – occurred on the official Twitter page for Jeep, citing that the company was sold to Cadillac.

These hacks were caused by external groups, but there can be equally damaging incidents caused by people inside an organization that at one point were given authorized access to a company’s social media accounts. This happened to HMV, an entertainment retailer based in the UK, after the company let go of a large number of employees. One disgruntled laid-off employee, who was formerly HMV’s social media manager, took advantage of her access to the company’s Twitter account before officials realized she still had access. Her unauthorized post called attention to what she labeled as the company’s “mass execution of loyal employees who love the brand.”

The Overlooked Threat: Shared Privileged Accounts

It is easy for hackers to hijack global social media accounts because of the sheer volume of accounts of this type and the large number of people managing them. Enterprises have hundreds of social media accounts on Twitter, Facebook, YouTube, LinkedIn and other outlets with unique accounts for different product lines, languages, countries and stakeholders (such as consumers, partners and stockholders).

These accounts are typically set up as shared privileged accounts, meaning teams of people throughout an organization, distributed across the world, can post information to these accounts on a daily, hourly or even more frequent basis. The passwords for these are often shared among the teams, making them easy targets for hackers and malicious insiders. In addition, there is no record or accountability for each individual’s posts, leading to further challenges in securing and managing social media accounts.

Because people posting on social media accounts don’t typically have access to financial or customer information that is traditionally deemed of high value, the security on these accounts is often lax, with little management and control of the passwords. Companies may not know who has access to their social media accounts or the passwords on the accounts. To make matters worse, the same password is frequently used across multiple accounts, and the passwords are rarely changed.

Lax security opens the door for rogue current or past employees (as seen in the HMV example) or social media agency members that are disgruntled. As hackers become more sophisticated and more organized they can essentially compromise any system that is lacking proper security. Hackers use multiple methods of intrusion including dictionary attacks, social engineering, software or social media applications. For instance, the use of Twitter and Facebook accounts can introduce additional risks, as these platforms may provide hackers with access to valuable data such as passwords, APIs or other sensitive information.

Mitigate the Risk of Social Media Breaches

Social Media Management Systems are often adopted by organizations to manage social media accounts, however these solutions are built as management tools, forgoing the necessary security measures on privileged user access. These solutions leave organizations vulnerable due to the continued use of static passwords and multiple users. In order to properly secure and protect social media accounts, they should be viewed as privileged accounts, and best practices for privileged account security must be employed to mitigate the risk of compromise.

The following preventative measures must be adopted to secure social media account access and protect an organization’s brand.

Securely store credentials: Protect social media credentials from being stolen by storing passwords for the accounts in a secure place. This will reduce the ability of hacker organizations to take over social media accounts.

Enable transparent access: Allow authorized users to seamlessly authenticate to the account without knowing their passwords, making it difficult for hackers to discover and steal credentials. Utilizing an agent-less technology securely exchanges passwords without requiring an agent on the cloud applications.

Eliminate shared credentials: Storing passwords in a digital vault requires users to log in individually for access, eliminating the accountability challenges of shared credentials.

Automate and enforce password changes: Ensure that each password is changed on a regular basis. Passwords can be changed as frequently as after every use. Regularly updating passwords reduces the chance of an outsider stealing and using a valid credential.

Trace account activity: Create a record of activity on social media accounts to trace all posts directly back to an individual authorized user. This helps identify weak areas of security and identifies rogue employees that may be posting damaging content.

Record social media administrator sessions: Record social media account administrator sessions to provide further proof and an audit trail of exactly who did what within an account.

The threat to global organizations and social media is real, it’s evolving, and the risk is increasing. Preventing account takeovers through shared privileged accounts is imperative and necessary. Privileged Account Security solutions play a critical role in protecting access to social media accounts thereby preventing embarrassing incidents that can result in brand damage.

About the Author: John Worrall is the Chief Marketing Officer at CyberArk, responsible for the company’s global marketing efforts including product marketing, branding, corporate communications and all lead generation activities including the inbound, channels and field marketing.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Organizations rely on application innovation, particularly API-driven applications, to fuel their business transformation and growth. Attackers know this and are constantly looking for ways to find the unfindable and break the unbreakable. They’ve got tools, motivation, and time on their side.