Jeep Twitter account hacked - is it Twitter's fault?

Summary: On Monday Burger King's Twitter account was hacked, today Jeep's account was compromised. Are brands taking enough care of their social properties?

Burger King briefly suspended its Twitter account on Monday after its account was apparently taken over by hackers.

Tweets from the compromised Burger King account included references to the hacker groups Anonymous and LulzSec. The hashtag #OpMadCow was used to refer to the takeover.

On Tuesday, the Twitter account for Jeep was taken over, presumably by the same hackers who hacked the Burger King account. The hashtag #OpMadCow was again used.

Jeep’s Twitter description was modified to “The official Twitter handle for the Jeep – Just Empty Every Pocket, Sold to Cadillac – #OpMadCow #OpWhopper”.

Cadillac moved to state that it was not connected to the hack:

Just to clarify, Cadillac is not connected to the hack of the @jeep Twitter account.

— Cadillac (@Cadillac) February 19, 2013

Tweets claiming that Jeep had been sold to Cadillac were deleted by Jeep when it regained control of its account:

Hacking: Definitely not a #Jeep thing. We’re back in the driver’s seat!

— Jeep (@Jeep) February 19, 2013

Burger King tweeted “.@Jeep Glad everything is back to normal” which elicited this response from Jeep:

.@burgerking Thanks BK. Let us know if you want to grab a burger and swap stories - we'll drive.

— Jeep (@Jeep) February 20, 2013

Two brands with a large following on Twitter have been hacked in the last two days. Burger King has 113,000 followers and Jeep has 108,000 followers.

Both accounts seem to have been hacked by the same group.

Both brands, as far as I know, have never had their web sites compromised, yet both of their main social feeds seem to have been hacked with ease.

This raises a couple of issues. Do brands apply the same policy and security standards to their social feeds as they do to access to their web sites?

Are passwords easier to crack on Twitter because there might be several people accessing the account and an easier password might be used?

Or is Twitter itself inherently insecure with easily bypassed security?

At the beginning of February Twitter sent out thousands of emails requesting that users change their passwords after a number of accounts had been compromised.

Twitter stated that resetting the password for users was “a routine part of our processes to protect our users”.

But with more and more brands relying on Twitter for customer communications, adequate layers of security and account integrity become more important.

We need to be able to trust the messages from the brands we follow.

Twitter needs to ensure that long complex passwords are created by every user and that those passwords are changed regularly.

It also needs to make sure that sequential passwords are not used (such as Billy1 followed by Billy2, and Billy3) at each password change and that previously used passwords are not allowed.

Only by implementing password policies that match the requirements of the enterprise will it gain the trust of enterprise users.

And guaranteeing that trust should be Twitter's primary responsibility.
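The password-change rules proposed above (long and complex, no previously used passwords, no sequential variants such as Billy1 followed by Billy2) can be enforced without keeping any old password in clear text. The sketch below is an added example, not Twitter's code; the length threshold, the PBKDF2 work factor, the function names and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 12        # assumed threshold; the article only says "long"
ITERATIONS = 100_000   # illustrative PBKDF2 work factor


def _digest(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def _stem(password: str) -> str:
    # "Billy1", "Billy2" and "billy03" all reduce to "billy".
    return re.sub(r"\d+$", "", password).lower()


def make_record(password: str) -> dict:
    """History entry: salted digests only, never the password itself."""
    salt = os.urandom(16)
    # Trade-off: the stem digest covers a lower-entropy value than the
    # full password, so it needs the same protection as the main hash.
    return {"salt": salt,
            "full": _digest(password, salt),
            "stem": _digest(_stem(password), salt)}


def check_new_password(candidate: str, history: list) -> list:
    """Return the list of policy violations (empty means accepted)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, candidate)) for c in classes) < 3:
        problems.append("not complex enough")
    for rec in history:
        if hmac.compare_digest(_digest(candidate, rec["salt"]), rec["full"]):
            problems.append("previously used")
            break
        if hmac.compare_digest(_digest(_stem(candidate), rec["salt"]), rec["stem"]):
            problems.append("sequential variant of an earlier password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample history and candidates.
    history = [make_record("BillyGoat!Ridge1")]
    for pw in ("BillyGoat!Ridge1", "billygoat!ridge2", "correct-Horse-battery-7"):
        print(pw, "->", check_new_password(pw, history) or "accepted")
```

Storing a digest of the digit-stripped stem alongside the full hash is what lets the check catch a counter increment against history it cannot read back.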

Talkback

3 comments
  • Password Rules

    We can agree to disagree: it's the users' responsibility to make sure they employ a strong password, not the site owner. And forcing frequent changes; if you have a strong password it's not necessary.

    The only thing that should be laid on the site owners: number of failed attempts before locking the account and sending an email to the owner. No site should allow a bot to try 5 million passwords - more than a few failed attempts should be easy to identify.
    beau parisi
    • Too true

      If it was inherent site security, would they not have targeted some bigger companies- ms, apple, google, Samsung, etc. hitting a large tech company's security resonates more than a fast food joint.

      It's not a 90's film; there's no real skill or code breaking to this, they just tried companies over and over with simple password guesses - J33p_123 or something similar. In IT terms anonymous are not oceans 11, they're smash and grab; they try every door until they find one open. Their holy grail would have been tweeting "it's true, we copied apple" from Samsung, or "iOS 7 to use touch whizz" or such from apple. They had to settle for jeep and bk.

      You're spot on it's password and account security, not the provider that seems to be at fault; as I say who wants to hack jeep when you could be posting as Obama?
      MarknWill
  • The most idiotic part of all of this?

    That people waste time following burger king and jeep.
    I Am Galactus