AUDIE CORNISH, HOST:
From NPR News, this is ALL THINGS CONSIDERED. I'm Audie Cornish.
ROBERT SIEGEL, HOST:
And I'm Robert Siegel.
In recent weeks, NPR, the Associated Press, the BBC and Al-Jazeera have all had their Twitter accounts hijacked. Twitter has become a widely used communications platform. Last week, for instance, the Boston Police Department relied on its account to send updates to the world, so hacks of high-profile accounts have real-world consequences. And as NPR's Steve Henn reports, security at Twitter is facing serious scrutiny.
STEVE HENN, BYLINE: Twitter has become a honey pot for hackers. It's so deliciously attractive, they can't seem to resist.
MARK RISHER: I think more than something about Twitter's security is the fact that it's so desirable as a platform because you get this instant, real-time access to a very, very large audience.
HENN: Mark Risher is the founder and CEO of Impermium. Risher's firm specializes in protecting social media accounts.
RISHER: It's very tempting. It's almost irresistible to these remote hackers who are able to operate from really anywhere in the world and just continue these deliberate, concerted efforts to break into specific accounts.
HENN: A successful hack on the right Twitter account can make news. Here's Bloomberg TV yesterday.
(SOUNDBITE OF BLOOMBERG TV BROADCAST)
UNIDENTIFIED MAN: AP's White House correspondent says their Twitter account was hacked. But the markets fell about 150 points for the Dow Jones Industrials in just seconds.
HENN: The Syrian Electronic Army claimed responsibility for the hack and posted a bogus message saying there had been an attack on the White House. Last week, the same group hacked into several of NPR's own accounts. The AP attacks began with a cleverly disguised email to staffers that included a malicious link.
RISHER: Phishing messages have become much more convincing and much more realistic than those old, you know, Nigerian oil minister who wants to give you $25 million dollars and maybe, most importantly, they're coming from reputable channels or at least...
HENN: ...look like they do. If hackers compromise a computer and either steal a Twitter password or trick someone into giving that password up, that's it. They're in. That's all it takes. And Scott Behrens at Neohapsis Labs says it's not just media companies that need to be concerned.
SCOTT BEHRENS: Imagine if an attacker compromised a Twitter feed for, say, a medical company and tweeted something about a new drug or a partnership. That could cause, once again, turmoil in the stock market.
HENN: There are some simple steps that could make attacks like these more difficult.
BEHRENS: There may be some room for Twitter to improve by adding additional technologies around logging in such as two-factor authentication.
HENN: If you are using two-factor ID, hackers who log in from an unknown location don't just need a stolen password. The hackers also need a one-time code sent by Twitter to, say, a cellphone or a secure e-mail address before they can get in. This approach isn't foolproof, but Twitter has hired engineers to begin rolling it out. Still, Scott Behrens says the primary responsibility for keeping social media accounts secure rests with the people and institutions that use them. And many need better passwords, better practices and better defenses against hackers. Steve Henn, NPR News, Silicon Valley.