Earlier this month, popular website and newspaper The Onion, which offers a satirical look at the news and current events, had their Twitter account hacked by a Syrian group calling themselves the Syrian Electronic Army. The account was then used to send series of anti-Israel posts and posts attacking the US and United Nations. The Onion has revealed that the hack happened courtesy of a phishing attack and that one foolish employee and some sloppy security are to blame. In a post on their website they explained in detail:
Once the attackers had access to one Onion employee’s account, they used that account to send the same email to more Onion staff at about 2:30 AM on Monday, May 6. Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all of our social media accounts.
After discovering that at least one account had been compromised, we sent a company-wide email to change email passwords immediately. The attacker used their access to a different, undiscovered compromised account to send a duplicate email which included a link to the phishing page disguised as a password-reset link. This dupe email was not sent to any member of the tech or IT teams, so it went undetected. This third and final phishing attack compromised at least 2 more accounts. One of these accounts was used to continue owning our Twitter account.
To their credit, the Onion’s IT staff readily admitted their mistakes, saying the email addresses linked to their social media accounts should have been isolated from the rest of the company’s email and that it’s obvious they need to better educate their users. Education is never enough though, because you never know when a user will get impulsive, greedy, or just plain tired and not think before clicking. Humans are well…human. That’s why it’s important to protect your network and its data with software and hardware solutions and a little common sense.
Has your company ever been hacked? If so, what happened and what did you do to keep it from happening again?