On their own Twitter account, the hackers also posted what they claimed were Microsoft CEO Steve Ballmer's e-mail address and phone number, writing, "You can thank Microsoft for monitoring your accounts/emails using this details."
Soon after, Microsoft regained control of the Skype Twitter account and stated, "You may have noticed our social media properties were targeted today. No user info was compromised. We're sorry for the inconvenience."
As Sophos' Chester Wisniewski notes, the nature of the attack seems to indicate either that the same password was shared between the three social media accounts or that a Skype employee's e-mail account was compromised -- and more importantly, it indicates that Microsoft isn't using two-factor authentication on its social media accounts.
"I believe it is the responsibility of organizations with a large number of followers to do whatever they can to secure their profiles," Wisniewski writes. "I suppose this can be a lesson to the rest of us. Take advantage of the safety net of two-factor authentication whenever possible. While it may be less than perfect, so are you."