Posts

Jeep jacked and Burger King busted as company Twitter feeds get hacked

So far, 2013 has been the Year of the Hack, as the past few weeks have proven positively lousy with big-name security breaches. 

Social networks, news outlets, and now…jeeps and fast food? That’s right, recent events have seen two prominent businesses get their Twitter accounts hacked, and worse. Not only did identity pirates shanghai the feeds (and therefore the reputations) of Burger King and Jeep, they used this illegal access to send embarrassing and scandalous messages to their followers.

Last Monday, @BurgerKing began tweeting that it had been sold to McDonalds, changing its image to a golden arches logo and posting ridiculous, wildly provocative comments about rappers and mad cow disease. The same thing happened to Jeep the next day, when its account claimed it had been sold to Cadillac and that its CEO had been fired for doing drugs.

The incidents had huge and bizarre repercussions. Many users tweeted quips about how hackers “had it their way” with the fast food giant. Actually, if the plan was to send people away from the burger chain, it backfired: Burger King now has 30,000 new followers and tons of media attention. In fact, soon after MTV and BET actually pretended to have been hacked, apparently just for the publicity.

Burger King’s well-managed response is a fantastic example of a corporate character trait I call repetitional jujitsu – using negative digital events to your competitive advantage. If you think that BK’s response was accidental, or casual, think again.

Despite the silver lining for the company, this is an alarming series of events. It may seem funny now, but will you be laughing when strangers start using your digital reputation for a prank?  

In response to this, Twitter is determined to make its system more secure by implementing use of the email authentication system DMARC, which will hopefully limit hackers from using false emails to gain private information. While this will help, only time will tell how much difference it actually makes.

It may seem trifling, but your digital reputation is vital to how you’re perceived in the offline world. Proper social media risk management is the key to combating such attacks, and its best to take it to heart before someone makes you the next big online joke.

John Sileo is a social media reputation expert and keynote speaker on online identity and risk management. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business. 

Employee Live-Tweets Her Firing From Company Account (Ouch)

Let’s start with a tip today. If you fire your company’s social media manager, you might want to disable their access to the business’ official Twitter account first – and every other social media platform, too.

British company HMV learned that lesson the hard way when an employee live-tweeted her firing. Here are some of the tweets she sent out from the company’s Twitter handle before her access was shut off:

“We’re tweeting live from HR where we’re all being fired! Exciting!!!”
“There are over 60 of us being fired at once! Mass execution of loyal employees who love the brand. #hmvXFactorFiring”

In another amusing twist – amusing at least to everyone but HMV management – the employee tweeted that she overheard the company’s marketing director ask “How do I shut down Twitter?”.

While not every business executive is a social media expert, this situation underscores how dangerous a lack of appreciation for the power of the internet and social media can be. When a police officer is given a sidearm, it’s understood that he or she has received the proper training and will not literally shoot themselves in the foot. Business leaders, however, shoot themselves in the foot all the time when it comes to social media risk management.

The ultimate goal should be to part ways with employees on good terms, but unfortunately, that is not always possible. In either scenario, whether an individual chooses to use personal online accounts or hijack company ones, businesses must be prepared to actively manage their digital reputations. But, more than that, this should be an ongoing focus for companies, not just one that pops up whenever something negative happens.

John Sileo is a digital reputation expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Data security dealt another body blow as Twitter gets hacked

About 250,000 Twitter accounts may have been hacked last week. Was yours one of them?

On Friday, the company announced via its official blog that it has reset the passwords for those users after a breach was detected in which email addresses, usernames and encrypted password data may have been accessed by hackers.

The blog post was quick to point out that other companies such as The Wall Street Journal and The New York Times have recently fallen victim to data security breaches as well, though those attacks appear to have been state-sponsored (check back here tomorrow for more on those breaches).

There has been no indication as of yet that the infiltration of Twitter was related to those incidents. However, Bob Lord, the company’s director of information security and author of the blog post, said he does not believe this was an isolated event, and that the attack was sophisticated and not “not the work of amateurs.”

Lord also suggested that users disable Java in their Web browsers, seemingly suggesting that some of the blame for the Twitter breach could lie there.

The bottom line is that the methods used by hackers, whether independent or state-sponsored, are becoming increasingly sophisticated. Are you taking the necessary steps to ensure that your employees are aware of how serious data security and social media risk management are? Are you absolutely certain that no one is using the same password for their personal Twitter account as they are for their login to your company network?

All it takes is for one individual to either be too lazy to care or uninformed, and your whole company could end up paying the price. Seeking out the advice of a data risk management expert is the best move one can make. In the meantime, try implementing a system where employees regularly change their company passwords in an effort to limit windows of exposure.

John Sileo is an data security expert and keynote speaker on social media privacy and risk management. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.