Advertisement

SKIP ADVERTISEMENT

Twitter Hacking Puts Focus on Security for Brands

While most Americans were winding up their holiday weekends last Monday, the phones at the Vancouver headquarters of HootSuite, a social media management company, began to ring.

Burger King’s Twitter account had just been hacked. The company’s logo had been replaced by a McDonald’s logo, and rogue announcements began to appear. One was that Burger King had been sold to a competitor; other posts were unprintable.

“Every time this happens, our sales phone lines light up,” said Ryan Holmes, the chief executive of HootSuite, which provides management and security tools for Twitter accounts, including the ability to prevent someone from gaining access to an account. “For big brands, this is a huge liability,” he said, referring to the potential for being hacked.

What happened to Burger King — and, a day later, to Jeep — is every brand manager’s nightmare. While many social media platforms began as a way for ordinary users to share vacation photos and status updates, they have now evolved into major advertising vehicles for brands, which can set up accounts free but have to pay for more sophisticated advertising products.

Burger King and Jeep, owned by Chrysler, are not alone. Other prominent accounts have fallen victim to hacking, including those for NBC News, USA Today, Donald J. Trump, the Westboro Baptist Church and even the “hacktivist” group Anonymous.

Those episodes raised questions about the security of social media passwords and the ease of gaining access to brand-name accounts. Logging on to Twitter is the same process for a company as for a consumer, requiring just a user name and one password.

Twitter, like Facebook, has steadily introduced a number of paid advertising options, raising the stakes for advertisers. Brands that pay to advertise on Twitter are assigned a sales representative to help them manage their accounts, but they are not given any more layers of security than those for a typical user.

Ian Schafer, the founder and chief executive of Deep Focus, a digital advertising company that also fielded a few phone calls from clients concerned about the Burger King attack, argued that Twitter bore some responsibility.

“I think Twitter needs to step up its game in providing better security,” Mr. Schafer said. In a memo to his staff about such attacks, he called on social networks like Facebook, Twitter, Pinterest “and anyone else serious about having brands on their platform” to “invest time in better understanding how brands operate day to day.”

“It’s also time for these platforms to use their influence to shape security standards on the Web,” he wrote.

Image
Burger King’s Twitter account was hacked last Monday.Credit...Associated Press

The risk for Twitter is in offending potential business partners as the company tries to build its advertising dollars, which make up the bulk of its revenue. In 2012, the company grew more than 100 percent, earning $288.3 million in global advertising revenue, according to eMarketer.

On Wednesday, it introduced a product that would allow advertisers to create and manage ads through third parties like HootSuite, Adobe and Salesforce.com. Advertising is estimated to account for more than 90 percent of the company’s revenue.

“This is not something we take lightly,” said Jim Prosser, a Twitter spokesman, in an interview last month. (The company declined to comment on the Burger King hacking, saying it did not discuss specific accounts.) Mr. Prosser said Twitter had manual and automatic controls in place to identify malicious content and fake accounts, but acknowledged that the practice was more art than science.

Mr. Prosser said Twitter had taken an active role in combating the biggest sources of malicious content.

Last year, the company sued those responsible for five of the most-used spamming tools on the site. “With this suit, we’re going straight to the source,” it said in a statement. “We hope the suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter.”

But security experts say, and the recent hacks of Burger King, Jeep and other brands have demonstrated, that Twitter could do more.

“Twitter and other social media accounts are like catnip for script kiddies, hacktivists and serious cybercriminals alike,” said Mark Risher, chief executive at Impermium, a Silicon Valley start-up that aims to clean up social networks. “Because of their deliberately easy access and liberal content policies, accounts on these networks prove irresistibly tempting.”

In Jeep’s case, hackers replaced the brand’s thumbnail image with a Cadillac emblem. (Jeep is a division of Chrysler and Cadillac is a division of General Motors.) The background images on Jeep’s Twitter page were replaced by a photo of men in a car branded with McDonald’s logos, and nonsensical posts began to flow into the account’s news feed.

Prominent hacking — or “social media meltdowns,” as Mr. Holmes of HootSuite calls them — can mean an increase in sales leads for HootSuite’s social media management products. (Neither Jeep nor Burger King is a HootSuite client.) But the attacks raised questions about how easy it is for accounts to be compromised on Twitter and what brands can do to prevent future attacks.

“If you’re a competing brand to Burger King, you’re immediately going to be thinking about how to protect your brand and how you can prevent this from happening to you,” Mr. Holmes said. When Burger King was hacked, the company worked with Twitter to suspend the account temporarily while it fixed the problem.

The hackers themselves can be much more agile. In December, Anonymous, the loose collective of hackers, broke into Westboro Baptist Church members’ Twitter accounts and, in some cases, released information like the members’ home addresses and telephone numbers, as well as the locations of the hotel rooms where the church was said to be coordinating the protests it is known for.

In response, Twitter suspended the account of @YourAnonNews, one of the primary accounts associated with Anonymous. But almost immediately, the hackers set up a backup Twitter account, @YANBackUp, until the original one was reinstated. When it was, the account not only emerged unscathed, but had added 100,000 followers.

A version of this article appears in print on  , Section B, Page 1 of the New York edition with the headline: Twitter Hackings Put Focus on Security for Brands. Order Reprints | Today’s Paper | Subscribe

Advertisement

SKIP ADVERTISEMENT