We Got Hacked! Social Media’s Security Issue…or PR Stunt?

NBC News, The Associated Press, The New York Times, Burger King, Fox News, PayPal, Jeep, Wall Street Journal, Washington Post, Bloomberg News, CBS, and "60 Minutes" are all part of the community of thousands of brands engaging with consumers through social media channels.

They are also all victims to having those social media channels compromised by unwanted hackers.

This past weekend, Chipotle’s twitter account appeared to have joined the growing list of accounts to go haywire. The series of twelve tweets were a rather odd list of commands: 

 Chipotle was quick to apologize, telling Mashable "I'm glad no one went Anthony Weiner on us, but everything seems to be fine." 

Many are now questioning whether this mishap was in fact a mistake, an unwanted intruder, or just a carefully placed act of PR (They do have a new major promotional contest in full swing).

The bigger question I have is why are these unwanted tweets still appearing…and what can companies do to stop it?  

Staying Secure

Chipotle’s recent Twitter stumble is minor compared to the mess that Burger King’s account suffered earlier this year.

For the hour that the fast food chain’s account was unknowingly exposed, it had been changed to appear as being sold to McDonald’s, while displaying tweet after tweet of inappropriate content. 

 In an attempt to curb these embarrassing invasions, Twitter recently updated their login system in order to provide users with the option to implement a two-factor authentication for account access. Users will be asked to register a phone number and e-mail account, providing a unique six-digit code that will be send to the number and required for each successful login. 

"Every day, a growing number of people log in to Twitter," Jim O'Leary, member of Twitter’s Product Security Team, said in a blog post. "Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web."

Unfortunately Twitter can only do so much in providing protection, and companies need to be aware that security responsibility and control lies directly in their hands.

Companies should follow these guidelines to help increase their account security and reduce the risk of becoming the next hacking victim:

• Strong Password Creation: Your password should not only be difficult to guess, but should include numbers, special characters, and capitalized characters to create maximum strength.

• Private Internet Access: When using a public Wi-Fi, it becomes much easier for your account to be accessed by unwanted users. Always login to your accounts under the security of a private internet connection.

• Consistent Log Out: Remember to log out of your company/client accounts when not in use! This is crucial to prevent outside users accessing your account, especially in the event that your electronic device gets lost or stolen.

• Resisting the Phishing Net: Hacking victims often fall trap to deceptive phishing schemes asking for personal information. NEVER give away secure information to suspicious requests, and always check the source of the e-mail address.

Cry for Attention?

Over 30,000 new followers, 73,421 retweets in over an hour, and a spot on the trending topics list.

No, this is not the result of Burger King’s perfectly executed social media campaign, but rather the exposure hackers have gained for the account they have exploited.

Turning a negative into positive, companies can take what can appear to be dreadful situations into ones of massive brand exposure and attention.

Unfortunately, others have tried to take advantage of this PR opportunity and in turn stage their own account “hacking.” 

But not only have those attempts for attention been deemed unethical, they actually turned users away from engaging with them in the first place. 

Takeaway

Like any other type of information, keep your social logins secure and safe because no one likes a hacker – especially a fake one. Although the hacked or, uh-hem, “hacked” tweets generate a lot of RTs and possible followers, what does that say about your brand? Aren’t you supposed to be crafting authenticity in your social media strategy?

Remember this, brands: your PR stunts may produce some laughs, but a month from now the general public won’t really care. Instead, they’ll be demanding quality, relevant, genuine content, and if they don’t get it, you can be sure they won’t hesitate clicking “Unfollow.”

**UPDATE: Only hours after this post was orignally published, ABC news has reported that Chipotle's twitter account was indeed hacked...by none other than Chipotle themselves.

"Chris Arnold, director of communications at Chipotle, told ABC News that the planned tweets were part of a broader 20th anniversary promotion...'The idea was to incorporate it into our broader social media promotion,' Arnold said. 'We did it to get more people talking about that short string of posts.' "

Dear Chipotle, people have a tendency to unfollow liars. You've got us all foiling your plot on this one rather than unfoiling your burritos...was it worth it?