Twitter said today it has been working over the past months to bolster its internal security by requiring staff to go through additional security training, engaging in penetration tests, and deploying hardware security keys to all employees.
The measures announced today are part of Twitter's efforts to prevent a repeat of the July 2020 hack[1] during the US presidential election later this fall.
In July this year, hackers phished Twitter staffers, gained access to its internal platform, and then tweeted a cryptocurrency scam via high-profile and verified accounts. Some of the defaced accounts belonged to political figures, including presidential candidate Joe Biden.
Twitter learned a hard lesson in July, and in a blog post[2] today authored by Parag Agrawal, Twitter Chief Technical Officer, and Damien Kieran, Twitter Data Protection Officer, the company said it has learned from the incident and taken corrective actions.
Staff to go through security training more often
The first of these was to require that all new hires go through a "Security and Privacy & Data Protection training."
Second, Twitter also introduced new courses and increased the frequency and availability of existing courses for all employees.
Third, Twitter also introduced two new mandatory training sessions for people who have access to non-public information stored in its backend tools.
"These trainings make clear the dos and don'ts when accessing this information and ensure employees understand how to protect themselves when they are online so they can better avoid becoming phishing targets for attackers," Agrawal and Kieran said today.
Twitter employees now use hardware security keys
Additional changes were also made to secure coding, threat modeling, and privacy impact guidelines, so that future in-house backend tools would be developed with more security features from the get-go.
But since the July hack started from