The Financial Times has confirmed that its website and several Twitter accounts were hacked by the Syrian Electronic Army (SEA).
The hacker group managed to publish 12 blog posts on the FT's Tech Blog in four minutes on Friday 17 May, and also sent tweets through the FT's Twitter feeds – saying “The Syrian Electronic Army was here” – to thousands of followers.
The FT said the accounts were hijacked following a phishing attack targeting company email accounts.
Twitter recently advised media companies to be on the lookout for attacks, according to Ars Technica.
The SEA's continuing success suggests media outlets still have a way to go in protecting themselves from phishing, one of the older methods of attack, the report said.
more on two-factor authentication
- Dropbox to implement two-factor authentication after security breach
- Limitations of two factor authentication (2FA) technology
- Bank of India’s 2FA with mutual authentication goes beyond OTPs
- 2FA means sweet FA says inventor of Gridsure's simple to use authentication system
- Facebook and Two Factor Authentication (2FA) - for better or worse?
- Alternative authentication: New authentication methods for enterprises
The SEA, believed to be a front for the al-Assad government, previously targeted al Jazeera, France 24 TV, US National Public Radio and the Associated Press news agency.
Shortly after the Associated Press attack, it emerged that Twitter was testing a two-factor authentication system internally that is aimed at making it more difficult for hackers to take over users’ accounts.
The planned security system requires users to enter a one-time password (OTP) sent to their mobile phones whenever they log in from a computer or device they do not normally use.