In an email to AMS staff on Tuesday, it was announced that Twitter s with AMS emails were part of a data breach on the dark web.
The data breach was unrelated to AMS security and occurred on Twitter’s side. This affected Twitter s ed with an AMS email address.
Eric Sikich, AMS president, said in a statement to The Journal that other companies and organizations were involved in the breach.
“From January through March 2023, scraped data from the popular social media company Twitter was leaked on a dark web hacking forum,” Sikich said.
Email addresses, full names, screen names, and other personal information stored on Twitter could have been exposed in the breach, according to Sikich.
The entity responsible for collecting the data—ultimately exposed to the dark web—manipulated a bug in an exposed Twitter application program interface, according to Sikich. He said thousands of organizations such as Walmart, Amazon, and McDonald’s were part of the breach.
“One of our dark web monitoring services alerted the AMS IT team that information from our domain was published, and an email response was sent out by the AMS IT team within 10 minutes of assessment,” Sikich said.
In the email, Matthew Guy, AMS IT officer, told all AMS departments who have a Twitter ed with an ams.queensu.ca email domain to update their information.
In reference to current safeguards set by the AMS, Sikich said the AMS uses a “state of the art” Microsoft encrypted cloud for its core data storage. He referenced istrative blocking mechanisms, multi-factor authentication, dark web monitoring, Next Generation Antivirus services, isolation policies, and email backup as specific mechanisms for IT protection.
“Our first advice as a rule of thumb is to enable multi-factor authentication on any that s it. Our second recommendation is based on 2023 cyber security protection: [it’s] to sign up with a managing service,” Sikich said.
“Data shows that over 90 per cent of data breaches are caused by social engineering […] A manager will allow you to manage multiple complex s using a single master—with multi-factor—so you don’t write things down in unsecure locations.”
Tags
All final editorial decisions are made by the Editor(s) in Chief and/or the Managing Editor. Authors should not be ed, targeted, or harassed under any circumstances. If you have any grievances with this article, please direct your comments to [email protected].