Podesta Twitter Hack: A(nother) Lesson on Two-Factor Authentication

In the midst of the WikiLeaks’ release of thousands of emails purportedly from his inbox, Hillary Clinton Campaign Chairman John Podesta has now become the victim of a hack into his Twitter account. CNN is reporting that Podesta’s account was hacked on Wednesday, September 12, and that, just as Clinton landed in Las Vegas, Podesta ostensibly tweeted, “I’ve switched teams. Vote Trump 2016. Hi pol.”


While the specific details of the hack have yet to be discovered, a likely scenario is that Podesta’s Twitter account was protected solely by a username and password – without any form of two-factor authentication. If that is the case, this embarrassing event could have easily been avoided. Twitter has offered additional login verification since at least 2013.

The former Chief of Staff to President Bill Clinton is no stranger to cyber hacks. Just this week, WikiLeaks dumped thousands of emails that it claims came directly from his inbox. While the Clinton campaign hasn’t confirmed their authenticity, Podesta has gone on record stating that he’s cooperating with an FBI investigation into the hacking, and suggested that coordinated efforts by foreign governments may be behind the breach. The reason, he proposes, is that these external entities may be attempting to influence the current US election process.

Hard to say what’s actually going on behind the scenes, but one thing is for sure: Cybersecurity is playing a significant role in the election process. The message, mission and brand of both the campaigns have been significantly impacted, focus on important issues of national concern has been redirected, and much time has been spent explaining and defending what’s quickly becoming a multitude of cybersecurity failures.

Time For a National Cyber Safety Campaign?

Over the last few decades, most Americans have come to accept seat belts as an essential safety measure. The “Click-it or Ticket” campaigns have been highly effective. Maybe it’s time for a new national campaign to raise awareness about the inadequacy of the common password and to introduce the “cyber safety belt” — two-factor authentication.

After all, it’s the number one job of the government to keep Americans safe, and in the modern age, cyber safety is just as important as physical safety. Think of the impact such a campaign could have on identity theft alone.

President Obama launched such an initiative as part of a national action plan designed to protect US innovation from cyberthreats in his February op-ed in the Wall Street Journal. Perhaps our presidential candidates and their staff members should set an example and take the president’s advice to move beyond passwords and add, as he suggested, “an extra layer of security like a fingerprint or codes sent to your cell phone.”

No One Is Immune

Political figures are not the only victims in the latest string of attacks. CEOs and other business executives are prime targets as well. You’ll remember that Facebook cofounder and CEO Mark Zuckerberg’s Twitter and Pinterest accounts were hacked last June, and just a few weeks later, the same hackers took control of Google CEO Sundar Pichai’s Twitter and Quora accounts.

The point here is that everyone is vulnerable. In fact, the higher your profile, the bigger the feather in the cap of the hacker that successfully broke into your account. No matter who you are, if you’re not proactive with cyber security, you may find yourself at the center of the next cyber-attack story. And rather than focusing on customer relationships and building brand goodwill, your compromised business may find itself facing huge barriers to regain trust and rebuild the brand.

Learn more about how MFA Strengthens Security in our executive brief.