Obama Campaign Twitter Account Hacked – Privileged Admin Credentials Exploited

November 4, 2013 CyberArk

For those of us in the information security business, there are two interesting parts of the attack last week on the Obama Campaign’s Twitter account.

First, social media accounts need to be treated the same as other shared admin credentials like “root” and “sysadmin”. Social media admin accounts have incredible levels of privileges, such as complete control over content and the ability to delegate administrative privileges to unknown users. These accounts are also often shared by many users, including employees, agencies or contractors hired to manage social media programs. A privileged identity management solution that protects the credential and creates accountability is a must. What’s more, real-time monitoring needs to be in place so that at the first sign of trouble, the organization can respond immediately.

Second, the attack on President Obama’s campaign Twitter account highlights that applications (like link shorteners) that interface with Twitter, Facebook and other social accounts can also be an attack vector. They store admin credentials to facilitate management, and this creates a serious vulnerability.

The moral of the story, whether for human users or applications that store admin credentials, is that best practices for managing privileged system admin accounts must also be applied to social media admin accounts.

For more information on this attack, check out the article on Mashable.
