Jeep joins Burger King on Twitter hacked list, inspires MTV, BET to fake breaches
Hackers touted Cadillacs in Chrysler division's Twitter feed
By John P. Mello Jr.
February 20, 2013 — CSO — Jeep became the latest major brand to have its account hacked on Twitter.
Visitors to @Jeep's Twitter page on Wednesday saw a graphic header announcing that the Chrysler division had been sold to Cadillac.
The attack was similar to one launched on Burger King's Twitter account earlier this week; the hackers announced that the fast food chain had been sold to rival McDonalds.
Much of the content added to Jeep's Twitter feed contained content similar to that used in the burger breach, too. It included vulgar tweets and a photo of a person shooting up drugs in a bathroom with the caption: "We caught one of our employees in the bathroom doing this..."
The fake content was displayed on the Jeep site for some 80 minutes before Chrysler regained control of its account and purged the unauthorized material from it. Jeep announced it was back in charge with this tweet: "Hacking: Definitely not a #Jeep thing. We're back in the driver's seat!"
Although there was speculation that the hacker collective Anonymous and an affiliate, LulzSec, were involved, it remains unclear who was behind the attacks. Anonymous denied any involvement in the Burger King attack.
Chrysler and Twitter did not respond to requests for comment.
In an apparent move to exploit the publicity surrounding the Twitter hacks, MTV and BET, two Viacom properties, staged a bogus hack of each other's Twitter accounts. Each switched their profile photos. MTV's Twitter account displayed BET's profile picture, while BET's displayed MTV's. The switch ended after about an hour, with MTV tweeting "Catfish-ed you guys. Thanks for playing!"
"Catfish" is an MTV show where people try to suss out whether online heartthrobs are real or just fake Internet personas.
MTV and BET may have hoped to get a bump in the number of Twitter followers by faking a hack -- Burger King's followers jumped from 77,000 to 111,000 during its hack -- but the prank could backfire.
"There's already chatter on the Web about hackers attacking MTV and BET for pulling the stunt," Wilson Tang, head of digital creative for TBA Global, an engagement marketing agency in New York City, said. "They're putting a sign on their door for hackers that says, 'Come Attack Us.'"
While embarrassing to both Jeep and Burger King, he said, the hacks will likely prompt a review of social media management at other companies.
"Social media is so new, people don't have the policies in place for managing a Twitter account as people move in and out of an organization," he said. "I imagine a lot of companies will be doing that over the next few days."
When consulting with clients about social media initiatives, security usually isn't on the radar. But Tang expects that to change. "I think that discussion will come up more and more, especially as more and more high-profile brands like this do get hacked."
The Burger King and Jeep hijacks should be a wake up call for Twitter, said Chris Heuer, chairman and founder of the Social Media Club, a global organization for media makers. "This should push Twitter to deploy two-factor authentication," he said.
Two-factor authentication requires something in addition to a username and password to use an account. A common second-factor is a code sent to an account holder's phone.
Passwords alone aren't secure enough to protect online accounts, Heuer noted. "With all the personal information people are sharing publicly, all it requires is a little ingenuity to guess a person's password.
"Twitter needs to take action on this to protect users," he added, "and ultimately, to protect its own reputation."
Read more about social networking security in CSOonline's Social Networking Security section.