Jeep Twitter account hacked - is it Twitter's fault?

On Monday Burger King's Twitter account was hacked, today Jeep's account was compromised. Are brands taking enough care of their social properties?

Burger King briefly suspended its Twitter account on Monday after its account was apparently taken over by hackers.

Burger King
Credit: cbsnews

 Tweets from the Burger King compromised account included references to the hacker group Anonymous and LulzSec. The hashtag #OpMadCow was used to refer to the takeover.

On Tuesday, the Twitter account for Jeep was taken over by presumably the same hackers that hacked the Burger King account. The hashtag #OpMadCow was again used.

Jeep’s Twitter description was modified to “The official Twitter handle for the Jeep – Just Empty Every Pocket, Sold to Cadillac –[#OpMadCow #OpWhopper.

Cadillac moved to state that it was not connected to the hack:

Just to clarify, Cadillac is not connected to the hack of the @jeep Twitter account.

— Cadillac (@Cadillac) February 19, 2013

Tweets claiming that Jeep had been sold to Cadillac were deleted by Jeep when it regained control of its account:

Hacking: Definitely not a #Jeep thing. We’re back in the driver’s seat!

— Jeep (@Jeep) February 19, 2013

Burger King tweeted “.@Jeep Glad everything is back to normal” which elicited this response from Jeep:

.@burgerking Thanks BK. Let us know if you want to grab a burger and swap stories - we'll drive.

— Jeep (@Jeep) February 20, 2013

Two brands with a large following on Twitter have been hacked in the last two days. Burger king has 113,000 followers and Jeep has 108,000 followers.

Both accounts seem to have been hacked by the same group.

Both brands, as far as I know have never had their web sites compromised, yet their main social feeds seem to have been both hacked with ease.

This raises a couple of issues. Do brands place the same policy and security standards for social feeds as they do to access their web sites?

Are passwords easier to crack on Twitter because there might be several people accessing the account and an easier password might be used?

Or is Twitter itself inherently insecure with easily bypassed security?

At the beginning of February Twitter sent out thousands of emails requesting that users changed their passwords after a number of accounts had been compromised.

Twitter stated that resetting the password for users was “a routine part of our processes to protect our users”.

But with more and more brands relying on Twitter for communication the need to have adequate layers of security and account integrity becomes more important for customer communications.

We need to be able to trust the messages from the brands we follow.

Twitter needs to ensure that long complex passwords are created by every user and that those passwords are changed regularly.

It also needs to make sure that sequential passwords are not used (such as Billy1 followed by Billy2, and Billy3) at each password change and that previously used passwords are not allowed.

Only by implementing password policies that match the requirements of the enterprise will it gain the trust of enterprise users.

And guaranteeing that trust should be Twitters primary responsibility.

Show Comments