A phishing email was sent to employees at the Associated Press, less than an hour before the company’s Twitter feed was taken over and used to issue multiple tweets. Attackers only need one recipient to click a link and follow through to potentially compromise first one PC, and then an entire network. Only a username and password are required to log into a Twitter account, and the username is already publicly known. Twitter is reportedly testing a two-factor authentication system for users but this will be no security panacea, especially for business users.”]
Source: https://www.darkreading.com/attacks-breaches/ap-twitter-hack-lessons-learned