Truth be told, it's not been the best of weeks for Martin Shkreli.
The former hedge fund manager made himself and his firm Turing Pharmaceuticals notorious earlier this year by raising the price of an AIDS treatment drug from $13.50 to $750 per tablet. That particular stunt resulted in Shkreli being dubbed "the internet's most hated man" and, you would think, would be enough drama for one year.
But on Friday, the controversial 32-year-old suddenly resigned his job as chief executive of Turing Pharmaceuticals. Why? Because the day before he was arrested for allegedly running a Ponzi-like scheme that was said to have defrauded hedge fund investors and misappropriated more than $11 million in assets from another pharmaceutical firm he had headed, Retrophin.
Since being released on bail for $5 million, Shkreli has been protesting his innocence on Twitter and answering questions on his live-streaming YouTube channel in between playing online chess and electric guitar.
This is, you would think, a man who understands the internet and social media. So it's somewhat surprising to read reports that over the weekend Shkreli's Twitter account was hijacked by an unauthorised party who posted a series of tweets and made changes to Shkreli's profile.
As Reuters reports, Shkreli's spokesperson Craig Stevens confirmed that the series of peculiar, expletive-laden tweets was the result of the account being compromised:
"It was hacked. We have been working with Twitter to get it fixed."
Assuming that is the case, what could have gone wrong?
Well, the most likely reason for Shkreli's Twitter account being hacked is that he was careless with his password. Either he chose a dumb, easy-to-crack password, or reused the same password in multiple places, or he had his password grabbed through a phishing attack or malware on his computer.
In all of these scenarios, sensible best practices and up-to-date security software can prevent an online account from being compromised - but there is an additional level of security which Twitter users can deploy to prevent their accounts from being hijacked.
Twitter's Login Verifications feature allows users to go beyond a simple combination of username and password, and instead have a two-step check of their identity. With Login Verifications enabled, users are prompted to confirm their identity via the official iOS and Android app.
The idea is that a hacker may have grabbed your password or deduced it, but they won't (hopefully) have your smartphone. And without that final verification step, the password won't be enough to grant them access to your account.
Here's a video from Twitter showing Login Verifications in action: https://www.youtube.com/watch?v=IsdvJI0AK5M&rel=0
Login verification can be enabled through the Settings section of your Twitter account.
There are possibly many lessons that business people can learn from the chequered career of Martin Shkreli, but perhaps one that is not tangled in controversy is the need for better security over social media accounts. If you care about your personal image and your corporation's brand, make sure that your social networking accounts are properly secured - and not at risk of being hijacked by hackers.
Image source: Martin Shkreli's Twitter account.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.