Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Twitter Breach Has Possible Silver Lining for Enterprises

You’d think news of a breach is bad, and that’s the end of the story. However Rafal Los, a security strategist with HP Softwaresees things differently. Based on Twitter’s own statements, there’s a bit of an upside to the breach that targeted 250,000 accounts.

You’d think news of a breach is bad, and that’s the end of the story. However Rafal Los, a security strategist with HP Softwaresees things differently. Based on Twitter’s own statements, there’s a bit of an upside to the breach that targeted 250,000 accounts.

On Friday, Twitter joined The New York Times, The Washington Post, and The Wall Street Journal, by announcing that they too had detected a “sophisticated” attack. According to the micro-blogging company, their investigation indicates that the attackers had limited access to usernames, email addresses, session tokens, and salted password hashes for up to 250,000 users.

Opting to err on the side of caution, Twitter reset the passwords on the impacted accounts, and sent notifications to the users. Interestingly, Twitter also hinted that vulnerabilities in Java may have initiated this incident, suggesting that one of their own staff may have been targeted – having their access leveraged to further attack the company.

“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later,” Twitter said in a blog post.

“This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.”

But there’s a slight upside to this story, a different angle. It centers on how Twitter described the chain of events, including the fact that they detected unusual access patterns, discovered an active breach, and mitigated it and prevented further damage.

According to HP’s Los, “…there haven’t been many incidents where the organization breached came out and said that they were able to detect, respond and restore in a meaningful amount of time and more importantly limit the scope of damage.”

Given that most security professionals subscribe to the notion that it isn’t a matter of if they’ll be attacked but when, mitigation and detection are key points in their protection strategies.

“Your enterprise’s ability to detect an attack, respond meaningfully to both stop the attack and minimize its impact, and restore services to business-ready state should be your number one priority. The main reason for this is as Twitter security staff know full well, the determined attacker will be extremely sophisticated, extremely well resourced and likely will succeed,” Los wrote.

Thus, he adds, a more realistic approach to security is to move away from building moats around assets, and expand on intelligence gathering initiatives in order to detect, respond, and restore.

“Let’s face it, if we’re realistic about security we have to acknowledge that we won’t be able to perfectly protect everything of value (even the most critical assets) but we should strive to build intelligence platforms that directly give us actionable results to minimize the potential damage,” Los concluded.

In a statement, Paul Ayers, the VP EMEA for Vormetric said that these incidents – referencing the breach at Twitter, as well as the three news organizations, prove that even when there is security in place, perimeters are permeable.

Offering a separate view from the one Los envisioned, Ayers said that layers defenses are required, “defenses that go from the perimeter network layers, right down to encrypting and controlling access to sensitive data at the file level.” “Organisations need to get their business done but also make sure that, should they be compromised, whatever data spied-on is useless gibberish to whomever happens to steal it,” he said.

“Barbarians are at the gate, and yes you need to maintain that gate (aka network perimeter security), but you need to protect what matters – focus protection as closely as possible around sensitive data itself.”

Written By

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.