As Its Influence Grows, Twitter Becomes A Hacking Target : All Tech Considered The Associated Press, NPR and the BBC have all had their Twitter accounts hijacked in recent weeks. Hacks of high-profile accounts have real-world consequences, and the security at Twitter is coming under increased scrutiny.
NPR logo

As Its Influence Grows, Twitter Becomes A Hacking Target

  • Download
  • <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
As Its Influence Grows, Twitter Becomes A Hacking Target

As Its Influence Grows, Twitter Becomes A Hacking Target

  • Download
  • <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript


From NPR News, this is ALL THINGS CONSIDERED. I'm Audie Cornish.


And I'm Robert Siegel.

In recent weeks, NPR, the Associated Press, the BBC and Al-Jazeera have all had their Twitter accounts hijacked. Twitter has become a widely used communications platform. Last week, for instance, the Boston Police Department relied on its account to send updates to the world, so hacks of high-profile accounts have real world consequences. And as NPR's Steve Henn reports, security at Twitter is facing serious scrutiny.

STEVE HENN, BYLINE: Twitter has become a honey pot for hackers. It's so deliciously attractive, they can't seem to resist.

MARK RISHER: I think more than something about Twitter's security is the fact that it's so desirable as a platform because you get this instant, real-time access to a very, very large audience.

HENN: Mark Risher is the founder and CEO of Impermium. Risher's firm specializes in protecting social media accounts.

RISHER: It's very tempting. It's almost irresistible to these remote hackers who are able to operate from really anywhere in the world and just continue these deliberate, concerted efforts to break into specific accounts.

HENN: A successful hack on the right Twitter account can make news. Here's Bloomberg TV yesterday.


HENN: The Syrian Electronic Army claimed responsibility for the hack and posted a bogus message saying there had been an attack on the White House. Last week, the same group hacked into several of NPR's own accounts. The AP attacks began with a cleverly disguised email to staffers that included a malicious link

RISHER: Phishing messages have become much more convincing and much more realistic than those old, you know, Nigerian oil minister who wants to give you $25 million dollars and maybe, most importantly, they're coming from reputable channels or at least...

HENN: ...look like they do. If hackers compromise a computer and either steal a Twitter password or trick someone into giving that password up, that's it. They're in. That's all it takes. And Scott Behrens at Neohapsis Labs says it's not just media companies that need to be concerned.

SCOTT BEHRENS: Imagine if an attacker compromised a Twitter feed for, say, a medical company and tweeted something about a new drug or a partnership. That could cause, once again, turmoil in the stock market.

HENN: There are some simple steps that could make attacks like these more difficult.

BEHRENS: There may be some room for Twitter to improve by adding additional technologies around logging in such as two-factor authentication.

HENN: If you are using two-factor ID, hackers who log in from an unknown location don't just need a stolen password. The hackers also need a one-time code sent by Twitter to, say, a cellphone or a secure e-mail address before they can get in. This approach isn't foolproof, but Twitter has hired engineers to begin rolling it out. Still, Scott Behrens says the primary responsibility for keeping social media accounts secure rests with the people and institutions that use them. And many need better passwords, better practices and better defenses against hackers. Steve Henn, NPR News, Silicon Valley.

Copyright © 2013 NPR. All rights reserved. Visit our website terms of use and permissions pages at for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.