Customer details and payment data is safe, says purveyor of consumer electronics Incredible Connection, after it lost control of its Twitter account late yesterday. The retail giant had log-in credentials to its official feed on the micro-blogging platform stolen, after what appears to be a fairly run of the mill phishing attack.
Readers of htxt.africa alerted us to the fact that they were receiving strange mentions containing spammy links from the official @IncConnection Twitter account yesterday evening. Those links led to spam websites set up to phish for further Twitter credentials from those unluck enough to click on them. The danger with these kinds of attacks isn’t just they allow third parties to post unwanted information in your Twitter feed, but that unwary followers might be tricked into handing over other details – such as for online banking – or worse, install keylogging software or other malware on your system.
Jean Ochse, digital manager at Incredible Credential, says that while the Twitter attack was unfortunate, customers shouldn’t be concerned about any personal data held on Incredible’s own systems. According to Ochse, the company’s internal IT systems are not directly connected with the social media streams, which are handled by an outside company.
There is, however, a danger that if anyone clicked on the links that were sent out from the official account they may find their information compromised via other means. He strongly advises followers to change their Twitter password – and any others they may be worried about – as soon as possible.
Ochse also told us that the password for Incredible’s social media account followed all of Twitter’s security guidelines. How the account was compromised, he says, is unknown at this time. He told us the password is lengthy, and contains a good mix of special characters and numbers, factors that make it more difficult for the password to be guessed or “cracked” by a computer.
This type of harassment via social media isn’t entirely new to the company. Ochse said Incredible Connection’s Facebook page is frequently the target of spammers looking to reach the company’s community of 101,000 members, and while its Twitter following is a lot smaller at just 6,200 people, that’s still enough to present an attractive target.
“It’s the age we’re living in”, Ochse said, “and the kind of things businesses everywhere have to deal with, especially ones with a large digital footprint like Incredible Connection.”