phished password

by Kevin Lancaster

Security Awareness Training Isn’t Exciting – But You Don’t Want the Twitter Hack Kind of Excitement

When we first heard about the 2020 Twitter hack, questions and speculation started flying around the cybersecurity world. Was it state-sponsored attackers? Political groups? A gang of professional cybercriminals? Considering the size and scope of the hack and the high profile of the targets, not to mention the security expectations for a company like Twitter, experts immediately assumed that the hack was highly-organized and technologically advanced. But they were wrong – one phished password was to blame. The mastermind behind the Twitter breach was a 17-year-old kid who successfully phished and caught a privileged employee password.

How Did the Humble Password Cause Havoc at Twitter?

The process that this hacker used to get his hands on a useful employee password for Twitter was laughably simple – phishing. Specifically, spear phishing. In a recent update on the incident, Twitter noted that the hacker/s gained access to an account management dashboard by using social engineering and spear-phishing (including attacks on smartphones) to obtain credentials from Twitter employees that allowed them to access internal systems.

skout rebound 2020 exclusively sponsored by ID Agent in white on a lime and turquoise sunburst and news about DIY Dark Web Monitoring

Don’t let this year’s non-stop chaos get you down – get ready for your business REBOUND with Channel Experts!

Reserve your seat for REBOUND 2020 >>>

Exclusively sponsored by ID Agent

How Can You Prevent This from Happening to You?

Security awareness training, including phishing resistance and credential handling, isn’t very glamorous, but it could have prevented the 2020 Twitter hack. People can and will make mistakes, and as long as users are accessing systems and data, they need to be trained in security awareness and risk management to avoid potentially devastating (and embarrassing) incidents like this one.

A Successful Phishing Attack Led Directly to This Breach. Improve Your Staff’s Phishing Resistance.

Training your employees to resist today’s #1 security threat, phishing attacks, is the biggest long-term improvement in security that you can make. Over 90% of attacks that end in a data breach start with phishing, and a huge increase in phishing attacks means that your staff is putting your business at risk with every email ( or company sms text or instant message) that they handle. Not to mention, phishing is the most common delivery system for ransomware. Just like Twitter, your company is 1 click away from a cybersecurity disaster.

BullPhish ID quickly increases employee phishing resistance, creating awareness of unexpected phishing threats, including COVID-19 threats. Perfect for in-office or remote training, easy management tools enable set-it-and-forget-it training for customizable groups of users. Our constantly updated plug-and-play training content includes over 80 complete phishing resistance training kits and 50 security video campaigns – with 27 videos available in 8 languages.

2020 Twitter Hack

Our cost-effectiv] phishing resistance training quickly reduces your risk of experiencing a phishing-based cyberattack.

See BullPhish ID at work in a 10-minute demo video

Does Your Staff Really Know Better Than to Share Their Passwords? Boost Password Security With Automated Protection.

Password security is an ongoing problem for every company. One compromised password was enough for these hackers to access sensitive systems at Twitter, allowing them to manipulate user accounts and see confidential data. Recycling and resuse raise risk – 48% of workers use the same passwords in both their personal and work accounts. Which is a big problem, because compromised passwords cause 81% of data breaches.

Passly helps solve your password security problem by providing additional security that blunts the impact of a compromised password with one simple but powerful tool: multifactor authentication (MFA). Your login system will ask every user for a code or authentication token delivered through an app, text message, or another method, every time they log in – and that’s something that the bad guys won’t have, denying them access to your systems and data.

phished password

See how this affordable multifunctional secure identity and access management solution improves your security on Day 1!

Watch a 10-minute demonstration of Passly now.

Even Twitter Needs to Improve Security Awareness Training. Shouldn’t You Do That Too?

Increasing security awareness with improved phishing resistance training and password safety tools sounds like the kind of routine maintenance that can be put off “until things slow down”, but it can’t. 2020 is on track to be a record year for data breaches, and you don’t want to be part of that record. As this incident at Twitter illustrates, adherence to basic security protocols can save companies from cybercrime – and that’s a threat every company is facing every day.

Don’t put it off another day – improve security awareness training now to save money and headaches later.

ID Agent logo and DIY Dark Web Monitoring

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,000 MSPs in 30+ countries choose to Partner with ID Agent!


See our innovative, cost-effective digital risk protection platform in action.


Contact us to schedule a one-on-one call to see how we can grow your business.


Share This Post!