Twitter has boosted its security measures following attacks on accounts run by media firms like The Associated Press, several of which were blamed on pro-Assad hackers.
The micro blogging site, which transmits some 400 million messages a day, said on Wednesday that it had begun rolling out an optional “login verification” service to thwart hackers seeking to hijack accounts with stolen passwords.
Many of the hacking incidents were linked to the Syrian Electronic Army, a pro-Assad group that has also claimed responsibility for hacking social media portals run by Al Arabiya.
Attacks were not limited to media outlets, with two of FIFA’s Twitter accounts having been hacked in April, for which the Syrian Electronic Army also claimed responsibility.
Security experts welcomed Twitter’s move to tighten security. The social media service had come under fire over the past year for failing to offer users ‘two-factor authentication’, amid a surge in breaches of high-profile accounts.
That criticism intensified in April after a fake tweet about a non-existent White House explosion sent from the Associated Press account briefly roiled U.S. financial markets.
“It's been a long time coming,” said Jeremiah Grossman, chief technology officer of White Hat Security. “It's not going to solve all problem, but it's a step in the right direction.”
When users log in to Twitter via a web browser, they must confirm their identity by entering a six-digit code that Twitter delivers to their smartphones. To access the service through applications for PCs and smartphones, users must use an automatically generated temporary password for each of the programs.
Twitter described the offering in a blog post, reminding users that they still need to use strong passwords to keep accounts secure.
The approach is similar to security tools previously introduced by other Internet services from companies including Facebook Inc, Google Inc and Microsoft Corp.
“This would have made the AP hack and other hacks against Twitter more difficult to accomplish,” said Jeffrey Carr, CEO of cyber security firm Taia Global Inc.
Yet he added that hackers looking to break into corporate accounts will still be able to do so if they can take control of PCs or smartphones running applications authorized to use the service.
“Two-factor authentication isn't perfect," Carr said. "If you own the machine, it really doesn't matter.”
UK: Guardian newspaper’s Twitter feeds hackedThe Guardian newspaper says its Twitter accounts have come under a cyberattack, and it cited a claim of responsibility from the group calling itself ... Middle East
Twitter security in crosshairs after AP account hijackA hijacked Associated Press Twitter account that rattled markets with false word of an attack on the White House put the security of social media in ... Technology
Hackers compromise AP Twitter accountHackers compromised Twitter accounts of The Associated Press on Tuesday, sending out a false tweet about an attack at the White House. The false tweet ... World News
CBS Twitter hacks said to be launched by pro-Assad groupTwitter accounts operated by the U.S. broadcaster CBS have reportedly been hijacked by pro-Assad hackers, in the latest cyber-attack apparently ... Media
Twitter popularity tests conservative gulfTwitter’s unmatched platform for public opinion is emboldening Gulf Arabs to exchange views on delicate issues in the deeply conservative region ... Media
Saudi Arabia may seek to end anonymity for Twitter users: reportSaudi Arabia may try to end anonymity for Twitter users in the country by limiting access to the site to people who register their identification ... Middle East