The solution Twitter (and every other big tech company) needs
On July 15th, 2020, the Twitter accounts of some of the platform’s most famous and influential users, including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, were hacked.
While the clear external intent of these hacks was to acquire Bitcoin, the hackers may have also gained access to these users’ DMs and other personal information.
According to the preliminary report on the attack, it appears the hackers coordinated social engineering attacks that successfully targeted some Twitter employees with access to internal systems and tools. While the story is still developing, one source stated that a Twitter employee may have been paid off to give hackers access to a tool that provides deep control over high-profile Twitter accounts.
Imagine if the hackers had tweeted something more dangerous from these accounts.
Imagine what information the hackers now have if they were able to access DMs (remember the Bezos hack on WhatsApp?).
Although we can’t say for certain at this time, the Twitter hack may have resulted, in part, from centralized credential/identity storage and an insider threat, both of which present enormous problems and security vulnerabilities. This type of storage is a treasure chest of credentials and information that can lead to a myriad of different hacks and attacks.
What is centralized credential/identity storage? It’s a treasure chest of goodies!
Think about it like this – you have a steel room where you store everyone’s credentials (usernames and passwords). You keep adding layers and layers of steel, as well as other security measures, but you still need to have a few doors to be able to access the information.
As you add more and more credentials, the value of the stuff in the room increases, making it a more lucrative target for hackers.
Some people have the keys to the doors, making them a target. Rather than breaking into the room, hackers just need to convince (or trick) someone to open the door for them.
It sounds so obvious, yet this outdated approach of centralized storage of sensitive information is still used widely by many of the largest companies in the world!
What “goodies” were the hackers after? Passwords.
Accounting for over 80% of all data breaches, passwords remain the Achilles’ heel of data protection. Where there is a password, there’s a vulnerability, which is why a movement for passwordless identity is emerging.
A better, safer approach
We believe that the best way to prevent such attacks, and to provide the privacy and security that people deserve, is through zero-knowledge identity that is stored and secured by 2FA at the endpoints and password-free authentication. This approach eliminates impersonation and reading/posting of content and messages.
We’ve developed and patented technology that does just that. Today, we use our technology to power our secure communication app called LockDown. You can get the app on iPhone and Android. Our Mac and Windows versions will be released by the end of the month.
As for solving Twitter’s problem – we’d welcome the conversation! We can help!
A.J. Auld is the CEO of LockDown, an all-in-one platform to safely store, share and communicate with complete privacy. Prior to LockDown, A.J. founded several successful companies including Distributed Alpha, a cryptocurrency investment firm; Bright Discounts, a fundraising company; and Titanium Lacrosse, a sports management company, which was acquired in 2015. A.J. was a Columbus Business First “Forty under 40” awardee and earned a degree in Finance and Entrepreneurship from Miami University.