SOCIAL media services like Twitter must tighten security around admin staff with access to internal systems, experts have said.
The warning comes after last night's Twitter breach, where hackers targeted employees with access to the firm's internal systems and posted a Bitcoin scam to the accounts of high-profile figures in the US.
Former president Barack Obama, rapper Kanye West and current presidential candidate Joe Biden were among those hit, with identical messages promoting the cryptocurrency scam posted to their profiles.
Twitter has now confirmed the incident was a "co-ordinated social engineering attack" by hackers who had targeted Twitter employees with "access to internal systems and tools".
Cyber security expert Todd Peterson, from software firm One Identity, said better management of staff with access to such sensitive internal tools was vital to prevent future repeats of the attack.
"Providing great customer support for high-profile customers means IT administrators need privileged access to their accounts - to help reset passwords and to help clear up after an account takeover," he said.
"However, with this great power comes great responsibility - and it takes only one bad admin to create global chaos by abusing their privileged access.
"Touching such high-profile Twitter accounts should be tied to an approval process, where a single person cannot act alone, without a detailed explanation and an approval by a superior.
"A modern record-and-review monitoring system would have also stopped the lone actor in their tracks by flagging the highly unusual activity and helping to retrace and undo their steps."
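As an added illustration of the two controls Peterson describes (example code written for this article, not from Twitter or One Identity), here is a Python model of a privileged-access broker in front of an internal admin tool: actions on high-profile accounts require a written justification and approval by a different person holding an approver role, every action is recorded, and a review pass flags any admin who touches more than a set number of high-profile accounts within a short window. The handles, roles, window and threshold are constructed values.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class AccessRequest:
    admin: str                      # staff member using the internal tool
    account: str                    # target account handle (constructed values below)
    action: str                     # e.g. "reset_password", "post_tweet"
    justification: str              # free-text explanation required for high-profile accounts
    approved_by: Optional[str] = None


class PrivilegedAccessBroker:
    """Hypothetical dual-control gate plus record-and-review log for admin actions."""

    def __init__(self, approvers, high_profile, window=300, threshold=3):
        self.approvers = set(approvers)          # people allowed to approve, not act alone
        self.high_profile = set(high_profile)    # accounts that need the extra process
        self.window, self.threshold = window, threshold
        self.audit = []                          # (timestamp, admin, account, action)

    def execute(self, req: AccessRequest, now: float) -> str:
        if req.account in self.high_profile:
            if not req.justification.strip():
                return "denied: justification required"
            if (req.approved_by is None or req.approved_by == req.admin
                    or req.approved_by not in self.approvers):
                return "denied: independent approver required"
        self.audit.append((now, req.admin, req.account, req.action))
        return "executed"

    def flag_unusual(self) -> dict:
        """Review pass: admins touching more than `threshold` distinct high-profile
        accounts within `window` seconds are returned with the accounts involved."""
        by_admin = defaultdict(list)
        for ts, admin, account, _ in self.audit:
            if account in self.high_profile:
                by_admin[admin].append((ts, account))
        flagged = {}
        for admin, events in by_admin.items():
            events.sort()
            for i, (start, _) in enumerate(events):
                seen = {a for t, a in events[i:] if t - start <= self.window}
                if len(seen) > self.threshold:
                    flagged[admin] = sorted(seen)
                    break
        return flagged
```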
In a statement, Twitter said: "We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf."
Twitter said that after the incident it had taken "significant steps to limit access to internal systems and tools while our investigation is ongoing".
Chief executive Jack Dorsey said: "Tough day for us at Twitter. We all feel terrible this happened."