Why Corporate Twitter Accounts Get Hacked
Earlier this week, Internet users were treated to another reminder that some of the world's biggest brands don't have the firmest of grasps on their Twitter accounts.
On Monday (Feb. 18), the Burger King Twitter account was hijacked, resulting in a stream of foul-mouthed, funny tweets about how the company had been bought by rival McDonald's.
On Tuesday, it was Jeep's turn, with a string of tweets promoting mostly obscure rappers. (MTV's own Twitter hijack later Tuesday turned out to be a marketing stunt.)
Why are so many corporate Twitter accounts being hacked and hijacked?
Easy-to-guess passwords are initially to blame, but experts said poor passwords indicate a bigger problem: Many big companies simply just don't take social media seriously.
"When senior management doesn't understand social media, they sometimes feel very comfortable handing over social-media management to interns or recent graduates," Philadelphia-based social-media strategist Alexandra Golaszewska told TechNewsDaily.
While the Jeep and Burger King Twitter hijacks were hilarious to many, such incidents can seriously harm a brand's relationship with its customers by showing that brand managers don't value the direct connections social media provides.
"If the decision makers don't use [social media] themselves, they might not understand the extent of its reach," Golaszewska said. "They don't always realize that even a deleted post can live forever in screen shots."
Dismissive attitudes toward social media can lead to lax social-media security as well. High turnover and unclear social-media policies may result in many former interns and employees who still have keys to a company's social-media platforms.
No one has ever died from a hacked Twitter account or a disgruntled intern's rant on the corporate Facebook profile, but that doesn't mean these incidents don't have real-life consequences.
In the past couple of years, household names such as KitchenAid, Chrysler, Microsoft, Marc Jacobs and StubHub have had their Twitter accounts abused by employees who thought they were tweeting on their own personal accounts, or who used the corporate account to send offensive or brand-damaging messages to a larger audience.
It's not just companies that are at risk. Several celebrities, including Ashton Kutcher, Miley Cyrus and Britney Spears have had their accounts taken over by hackers who suddenly find themselves with an unearned audience of millions.
So how can an individual or company protect a Twitter account?
"In addition to creating a strong password, be sure to change your password often and always change it after someone leaves the company," said Rebecca Debono, social-media strategist at San Diego digital-marketing agency Digitaria. "You never know where former employees place old documents online or how easy their accounts are to hack."
"I always say to my clients, if you can remember your password, it is not cryptic enough," San Diego social-media expert and consultant Mari Smith told TechNewsDaily. "People need to do their homework and find a reliable system that stores passwords and gets them out of the habit of committing passwords to memory."
Smith recommends social-media scheduling tools such as HootSuite, which enables multiple people to tweet or post updates on a single account but doesn't allow users to make profile changes.
"Following these simple guidelines significantly reduces your likelihood of falling victim to a public hacking experience," Debono said.
Smith pointed out that if Twitter offered two-step authentication and strongly encouraged users — especially high-profile celebrities and brands — to enable it, account hijacks such as these would happen with less frequency.
(Twitter has said it is looking into adding two-step authentication, which would require users to log in with a password and a separate factor, such as a code text-messaged to a mobile phone.)
But OneID founder Steve Kirsch, whose service provides one username and password for multiple online accounts, disagrees.
Kirsch told tech news service ZDNet this week that even if Twitter offered two-step authentication, he doesn't believe it would be widely adopted.
"From a practical point of view, it would be like offering a feature that no one used," Kirsch said.
It's true that even the strongest passwords and authentication methods wouldn't have prevented a recent attack that resulted in the theft of 250,000 Twitter passwords.
In that case, hackers exploited a flaw in Oracle's Java browser plug-in to break into Twitter's employee network. (Twitter subsequently changed the passwords of all affected users.)
There's no panacea that will solve the complex security problems of navigating the corporate world on social media.
But companies may be doing themselves a disservice if they treat social media as a second-rate medium for communicating with their customers. As with any other customer-facing aspect of a business, image and control is everything.