It would appear that 2014 is starting off on a sour note for the folks in Microsoft’s social media team.
The Syrian Electronic Army (SEA) appears to have compromised Skype’s Twitter account. Skype was acquired by Microsoft in 2011.
There is evidence to suggest the attackers were able to gain access to Skype’s Facebook and WordPress blogs as well, likely indicating either shared passwords or perhaps compromise of Skype employees’ email accounts.
This isn’t entirely surprising as the FBI had issued a warning on Christmas Eve to media organizations about a new wave of phishing attacks associated with the infamous SEA.
Skype has more than three million followers on Twitter, which means that, had the attackers wanted to send out malicious links or other dangerous content, this could have been a whole lot worse.
What I would like to know is why on earth a company social media profile with over three million followers would not be using two-factor authentication.
Earlier this year Twitter rolled out an improved two-factor solution seemingly in response to previous attacks by the SEA.
WordPress offers two-factor authentication and Facebook has supported two-factor authentication for a couple of years now, all in an attempt to prevent this exact type of attack.
Microsoft, would you care to explain why you apparently are not using it?
I believe it is the responsibility of organizations with a large number of followers to do whatever they can to secure their profiles.
I suppose this can be a lesson to the rest of us. Take advantage of the safety net of two-factor authentication whenever possible. While it may be less than perfect, so are you.