It began with a phishing attack, meaning a malicious email crafted to look legitimate was sent to a handful of their employees. A couple of them clicked the included link, which sent them to a malicious web page through which the attackers gained access to those employees’ Google Apps accounts.
“Once the attackers had access to one Onion employee’s account, they used that account to send the same email to more Onion staff at about 2:30 AM on Monday, May 6,” explains the blog post. “Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all of our social media accounts.”
Thus, the attackers now had access to The Onion’s Twitter account as well.
After they discovered at least one compromised Google Apps account, The Onion IT department sent a company-wide email telling staff to change their email passwords right away. Soon after, since they couldn’t be sure whose accounts had been compromised, they forced a company-wide password reset for Google Apps.
So, How Do You Prevent This From Happening To You? (A summary of The Onion’s suggestions)
- Make sure all staff are suspicious of all links that ask them for account credentials.
- The email addresses for your Twitter accounts should be separate from your company’s regular email system.
- All Social Media access should go through a service like HootSuite. This restricts password-based access to your Social Media accounts.
- If possible, have a way to reach out to all of your users outside of their organizational email.
Scary stuff. Don’t let it happen to you. Educate your staff, and ensure they are aware of the risks. It’s also worth noting that services like HootSuite aren’t just there for convenience: multiple users can be given posting access, while the passwords to the Social Media accounts themselves remain restricted to a select few.