By The Integrity360 Team on July 10, 2018

What businesses can learn from Twitter’s near data breach


There have been some big headlines in the news about data breaches over the last few years. An attack on Equifax exposed the sensitive information of 143 million U.S. citizens; Yahoo! saw hackers compromise 3 billion accounts.

But one name you won’t find on that list is Twitter. The social media company announced in May that it had discovered a bug in its password hashing process that could have exposed the credentials of all 331 million accounts, and advised its userbase to change their information immediately.

In doing so, the platform avoided a damaging data breach during a tumultuous time when consumers are more conscious than ever of how businesses handle their sensitive data. The brief news story serves as a long-lasting lesson as to why enterprises should take part in continuous threat and vulnerability management.

Twitter password exposure: What happened 

When a user enters his or her password, the corresponding account system (when functioning correctly) doesn’t actually see what was typed. The password is associated with a hash – or an encrypted version of the password that consists of a random array of letters and numbers. This offers consumers complete confidentiality and anonymity of their information, and ensures insider threats can’t take advantage of their administrative access.

Twitter discovered that during the hashing process, passwords were stored in plain text on an internal log before entering the encryption phase. This is a configuration flaw that likely resulted from human error. Anyone with administrative access to those logs – whether they be employees or external threat actors – could have easily gained control of any account.
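The failure mode described above, next to a logging filter that acts as a backstop, as an added example that is not Twitter's or Integrity360's code. The field names, logger names, hash parameters and sample credential are constructed assumptions.

```python
import hashlib
import io
import logging
import os
import re

# Assumed field names whose values must never reach a log sink.
SENSITIVE = re.compile(r"(?i)\b(password|passwd|pwd)=(\S+)")

class RedactSecrets(logging.Filter):
    """Mask password values in each record before any handler writes it."""
    def filter(self, record):
        # Render the message first so values passed as args are masked too.
        record.msg = SENSITIVE.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()
        return True

def make_logger(name, redact):
    """Return (logger, buffer); the buffer stands in for an internal log file."""
    buf = io.StringIO()
    log = logging.getLogger(name)
    log.handlers.clear()
    log.filters.clear()
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(logging.StreamHandler(buf))
    if redact:
        log.addFilter(RedactSecrets())
    return log, buf

def register(log, username, password):
    """Log the request, then hash: the ordering the article describes."""
    log.debug("signup request user=%s password=%s", username, password)
    salt = os.urandom(16)
    # PBKDF2 from the standard library; the iteration count is illustrative.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def logged_output(redact):
    """Run one signup and return what ended up in the log."""
    log, buf = make_logger(f"signup-{redact}", redact)
    register(log, "alice", "correct-horse-battery")  # constructed sample input
    return buf.getvalue()

if __name__ == "__main__":
    print("unfiltered:", logged_output(False), end="")
    print("filtered:  ", logged_output(True), end="")
```

The filter only catches the patterns it knows about, so the primary fix remains removing the credential from the log call itself.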

Although it’s uncertain how the configuration flaw was discovered, the situation speaks to the growing importance of threat and vulnerability management in modern cyber security strategies. The strategy aims to find exploits or critical vulnerabilities before hackers can use them to enter a network. Had someone infiltrated Twitter’s network during the same time that the configuration flaw was still undetected, the social media company would have likely suffered a data breach.

Threat and vulnerability management wouldn’t have found the configuration flaw, but it secured the network to give Twitter’s internal IT team enough time to find the error without databases being breached.

Quick intervention before the data was compromised saved Twitter from a year-long news story questioning its IT practices, covering its legal proceedings and joining the more general conversation that Facebook finds itself in. Instead, Twitter went through a quick news cycle and was able to move on without a scratch considering the potential magnitude of the vulnerability. 

What is threat and vulnerability management? 

No news is good news when it comes to data breaches, but headlines rarely tout the successes that went into a failed cyber-attack. There’s a lot of effort involved in staying out of the news, and one aspect of that is continuous threat and vulnerability management.

The strategy leans on an approach where offence informs defence. Skilled cyber security experts crawl organisations’ digital and physical infrastructures to find the weakest links that could facilitate a cyber-attack or data breach. This could be as simple as disabling WDigest authentication on computers to prevent hackers from stealing credentials, or as comprehensive as improving employee cyber security training.

Consistently evaluating the business and its assets from the ground up gives companies the best chance to discover and stop a data breach before the attacker has a chance to find opportunities like the configuration flaw.

Why Twitter’s data breach that ‘never was’ is important 

Cyber security strategies can’t carry the same frame of mind as long-term stock market investing; you shouldn’t just set it and forget it.

Data breaches can cause consumer and shareholder confidence to waver, bring on a bevy of legal troubles and cost the business millions in remediation. With the stakes so high, it doesn’t make sense to hope that the defences hold – businesses need to stress test their products, infrastructure and security tools to ensure comprehensive protection.

Continuous threat and vulnerability management can help your business prevent an error from being exposed, and the discovery of a configuration flaw in Twitter’s encryption process is a reminder of that.