Like Dominoes - The Anatomy Of The Twitter Attack

How many of our systems have interconnections to other systems that have weaker security? If so, remember that your ultimate level of security is that of the weakest link. This is a story about an executive, in this case the CEO of Twitter, whose Gmail account gets compromised (domino #1: password reset), which leads to leakage of corporate sensitive information that was stored with Google Docs. The intruder then covered his tracks so that the account owner would not notice (domino #2: reset password back to original by correctly guessing the CEO was using a single password for multiple accounts).

The same warning are applicable for bank accounts, phone records, insurance contracts, health records. Any account with sensitive information which uses a weaker account (e.g. most webmail applications) as a backup is likely to be a target of attackers looking for fresh prey and easy access to documents.

Src: The Anatomy Of The Twitter Attack |

No comments: