With two recent brand-hacking incidents, Twitter is facing rising calls to improve its security. How can you keep your own association’s brand safe on social media?
When Burger King’s Twitter account got hacked on Monday, many organizations running social media accounts probably saw their own lives flash before their eyes.
How can you prevent a similar thing from happening to your association’s accounts? More details on the incident, and security precautions you can take, below:
Interesting day here at BURGER KING®, but we’re back! Welcome to our new followers. Hope you all stick around!
— BurgerKing (@BurgerKing) February 19, 2013
What happened? On Monday, the official Twitter account for Burger King was compromised, with a hacker changing the account’s art to match the McDonald’s Twitter page. While amusing, the incident nonetheless sounded alarms for brand owners. For nearly two hours, the hacker posted updates disparaging Burger King before the account was shut down. On Tuesday, a similar incident took place with the Jeep account; a hacker replaced its branding with Cadillac.
How it happens: One security expert, Bruce Schneier, has often pointed out the dangers facing social network users regarding passwords, as cracking mechanisms and so-called dictionary attacks have raised risks. “It’s not just computing speed; we now have many databases of actual passwords we can use to create dictionaries of common passwords, or common password-generation techniques,” he noted in a 2012 blog post. In 2007, he offered an oft-cited post on how to choose a password that is less susceptible to attacks.
What you can do to prevent it: Twitter offered advice on the matter Tuesday, including a suggestion to use a strong password: “Your password should be at least 10 characters that include upper- and lower-case characters, numbers, and symbols. You should always use a unique password for each website you use; that way, if one account gets compromised, the rest are safe,” the company’s director of information security, Bob Lord, explained. Beyond that, Twitter suggests users be wary of suspicious links and keep computer software up to date.
Could Twitter do more? One criticism that the company often faces in the wake of the hacking incidents is that it does not offer a “two-step” security mechanism, which would tether an account to a mobile phone, informing the user of an attempted security breach and preventing remote access to the account. (Other services, including Google, Dropbox, and Facebook, offer this functionality.) AdAge’s Cotton Delo, meanwhile, is particularly tough on Twitter’s approach to brand security, arguing that “Twitter essentially treats as equals brands with millions of followers and people with only a handful, offering one standard account type to serve both.”
Could two-factor authentication protect Twitter users from hacking incidents? “Yes,” Schneier told Business Insider, “but usability is the most important consideration here. Twitter wants people to use their system, not be annoyed by the security.”
What security mechanisms do you have in place for your social media accounts? Tell us your ideas in the comments.