A hacked Twitter account is nothing new. Unfortunately, on a regular basis I get suspicious direct messages and tweets from friends and followers with links to who knows where. They’ve been hacked. Usually, their friends flag that and it’s quickly cleaned up.
But what happens when that hacked account has more than a half million followers? When it’s verified and belongs to one of the most venerable international news organizations? When the hacked content isn’t a questionable link but what would be the most major national security story since maybe ever?
Well, that happened yesterday when the Associated Press saw its account compromised, and 71 hijacked characters about explosions at the White House sent the stock markets briefly down and drew notice from everyone from the FBI to the SEC. The hacked account was quickly taken offline and suspended. But as Ryan Sholin pointed out this morning when the account was reinstated (briefly, before the offending tweet could be deleted), more than 4,000 people had retweeted that note (and those are only the ones who used the RT button instead of quoting or adding their own commentary).
— Ryan Sholin (@ryansholin) April 24, 2013
AP’s Eric Carvin posted a response this morning about the hacked account and by now, the feed is back and running.
— The Associated Press (@AP) April 24, 2013
The AP also posted about the hacking and what occurred — including the details on who all is investigating and who’s claiming responsibility. In short, this caused a major problem.
The AP isn’t elaborating on its security, but this is probably a good time for news organizations everywhere to change and bolster their passwords, and do a quick evaluation of their social media and content management system accounts. Consider:
- Who has or has had access to these accounts? Does everyone with admin privileges or access still need it? Have you changed the passwords and other access information recently, especially if someone who previously had access has left? (Think about the ongoing court case where a former social media editor is accused of aiding in the hacking of his former employer by supplying log-in credentials.)
- How would you react if your account was hacked? Form a plan now so if something does happen you know what and how to shut down and how to get the correct information out ASAP. While usually correcting wrong information in a prior tweet rather than deleting it is standard practice, the AP was correct to remove the hacked tweet AND correct the information. Leaving it up would have left it open to being stumbled on or RTed again down the line, showing up in Twitter feeds and search results and potentially causing more panic.
- How strong is your password? This is actually the most important question and probably the most overlooked. Is your password truly unique across every account in your system? And is it strong? No password is uncrackable, unfortunately. But when people trust that you are who you say you are and that what you say is accurate, making it as strong as possible is important. That means for starters (and Wired has the for-advanced-users explanation) your password should be long, not found in the dictionary or your profile, and most importantly, unique.