In an email to AMS staff on Tuesday, it was announced that Twitter accounts with AMS emails were part of a data breach on the dark web.
The data breach was unrelated to AMS account security and occurred on Twitter’s side. This affected Twitter accounts registered with an AMS email address.
Eric Sikich, AMS president, said in a statement to The Journal that other companies and organizations were involved in the breach.
“From January through March 2023, scraped user data from the popular social media company Twitter was leaked on a dark web hacking forum,” Sikich said.
Email addresses, full names, screen names, and other personal information stored on Twitter could have been exposed in the breach, according to Sikich.
The entity responsible for collecting the data—ultimately exposed to the dark web—manipulated a bug in an exposed Twitter application program interface, according to Sikich. He said thousands of organizations such as Walmart, Amazon, and McDonald’s were part of the breach.
“One of our dark web monitoring services alerted the AMS IT team that information from our domain was published, and an email response was sent out by the AMS IT team within 10 minutes of assessment,” Sikich said.
In the email, Matthew Guy, AMS IT officer, told all AMS departments who have a Twitter account registered with an ams.queensu.ca email domain to update their password information.
In reference to current safeguards set by the AMS, Sikich said the AMS uses a “state of the art” Microsoft encrypted cloud for its core data storage. He referenced administrative blocking mechanisms, multi-factor authentication, dark web monitoring, Next Generation Antivirus services, user isolation policies, and email backup as specific mechanisms for IT protection.
“Our first advice as a rule of thumb is to enable multi-factor authentication on any account that supports it. Our second recommendation is based on 2023 cyber security protection: [it’s] to sign up with a password managing service,” Sikich said.
“Data shows that over 90 per cent of data breaches are caused by social engineering […] A password manager will allow you to manage multiple complex passwords using a single master—with multi-factor—so you don’t write things down in unsecure locations.”
Tags
AMS, Dark web, data leak, Queen's, Twitter
All final editorial decisions are made by the Editor(s)-in-Chief and/or the Managing Editor. Authors should not be contacted, targeted, or harassed under any circumstances. If you have any grievances with this article, please direct your comments to journal_editors@ams.queensu.ca.
