MU still looking into Loftin Twitter incident
DoIT is investigating why his account had favorited a pornographic tweet.
Nov. 10, 2014
Chancellor R. Bowen Loftin’s Twitter account favorited a pornographic tweet Oct. 20, raising questions about access to @bowtieger.
The next morning, Loftin tweeted the following:
Just woke up and discovered my twitter account was hacked last night. I am shutting it down until I get my security fixed.— R. Bowen Loftin (@bowtieger) October 21, 2014
I am working with staff to understand what happened to my twitter after wife and I retired last night (in DC). No more tweets until fixed.— R. Bowen Loftin (@bowtieger) October 21, 2014
Loftin resumed tweeting Oct. 24. The graphic tweet in question has since been unfavorited.
MU spokesman Christian Basi said Loftin is the only one with access to his Twitter account and that Loftin writes all his own tweets.
Basi said a university technology team is still looking into the cause of the incident and working to improve account security.
“As demonstrated by this incident, anyone can be vulnerable,” Basi said. “Since technology is always changing, our team works to stay updated on the latest security tools and make sure our account security is the strongest possible.”
MU Information Security Officer Brandon Hough said in an email that the Division of IT has communicated with the chancellor’s office following the Twitter incident and taken steps to protect MU resources.
Hough said strategies for protecting campus information include systems and applications security measures, network security mechanisms and account-level protections.
“Our most important security defense is having faculty, staff and students aware of the risks, and them using best practices to defend themselves and the university against the risks,” he said. “When individuals unintentionally share passwords or inadvertently provide personal data via a fake survey, the technology protections are diminished.”
Hough said the first step in account security is creating strong passwords, keeping those passwords private and changing them occasionally.
“The university has strong requirements for any passwords used on university systems,” he said. “We have an extensive IT security awareness and training program that employees are required to take and is also offered to students. Included in this are recommendations for keeping passwords private and best practices for account security.”