Just a quick one today on the lessons to be learned from this week’s reports on Jeremy Corbyn’s “hacked” twitter account.
As ever, the media were quick to throw around terms like “hack” and “hijack” when talking about the incident. For most people, that language conjures up images of a sinister internet ninjas consciously attacking JC, using terrifying but inexplicable skills and / or exploiting “security issues” around social media.
Not too many people seemed to wonder at the time, why those internet ninjas hadn’t chosen to make better use of their access than slinging around what amounted to playground insults (apologies to the sensitive for the language…). Maybe crafted a few tweets that didn’t sound as though they’d escaped from a drunken crowd on a night out, for example.
Anyway, no surprise at all to find out today that the explanation was nowhere near so sinister. The Times’ Red Box email has discovered what actually happened: Mr Corbyn had given access to his account to a staffer, who was staying in a hostel at the time, and had logged on to one of their public computers to post something on his behalf…and then forgotten to log back off again.
What do we learn from this?
1. Either everyone he works with has the password for JC’s Twitter account, or his senior trusted advisors are very poorly paid and don’t have smartphones (hostel computers?!)
2. The media like to grab the scariest possible interpretation of these things. The majority of time the simplest and least scary is the truth (see also: “I got burgled because of Facebook“, translation: “I told my lightfingered mates I was going on holiday via Facebook, and they cleaned me out“.)
3. Human carelessness is almost always the weak link in the security chain.
4. Be very, very careful who you give your social media passwords to. Even if you can trust them to post appropriately and authentically, they also need to have some common sense about protecting the account – you shouldn’t need to tell anyone to be careful about logging out once they’re done!