The latest tweets from @APPolitics. We would like to show you a description here but the site won’t allow us.
If Twitter needed any more evidence that it has a serious security problem, this should do it: Stocks plunged sharply on Tuesday after a hacker accessed a newswire's account and tweeted about a false White House emergency.
The shocking tweet came from the Associated Press earlier this afternoon: 'Two Explosions in the White House and Barack Obama is injured.'
The AP's communications team quickly tweeted from its own account that the main AP Twitter was compromised, but investors had already panicked. The Dow Jones industrial average(INDU) immediately plunged by more than 140 points.
And there it is: After years of hacks that typically involved little more than obscene language, Twitter's subpar security measures have now caused serious real-world consequences.
Many hacks happen when account owners use guessable passwords or access Twitter over public Wi-Fi and shared computers. If one person who tweets from a corporate account loses his or her phone, an entire corporation's Twitter account could be at risk.
The AP incident appears to be an example of social engineering. The news service posted a story Tuesday afternoon explaining that attackers gained access to the account after launching phishing attempts. When phishing, attackers pose as legitimate companies, such as Twitter, in an attempt for account holders to give up their passwords.
While Twitter can't control those issues, critics say the company could do more to prevent them.
Security pundits have called on Twitter for years to beef up its security using simple methods: Sharply limit the login attempts allowed from a single IP address. Let only one person access a Twitter account at a given time.
Ideally, Twitter would employ a 'two-factor authentication' login method. It's a basic security tool already used by Google(GOOG), Facebook(FB) and Dropbox that requires both a password and a piece of data, such as numbers sent via text message.
Twitter began posting job listings earlier this year for engineers to work on two-factor authentication. The posts came after Twitter's own systems were hacked, and the attackers gained access to usernames as well as encrypted and randomized passwords for about 250,000 users.
But job postings don't mean much until serious changes are implemented. Meanwhile, the hacks have continued. News organizations are a particularly attractive target thanks to their reach and influence.
The Twitter accounts of CBS'(CBS) 60 Minutes and 48 Hours were compromised over the weekend. In July 2011, News Corp.'s(NWS) Fox News account -- followed by more than 2 million people -- was hacked and tweeted that President Obama had been assassinated.
That same month, eBay's(EBAY) PayPal United Kingdom Twitter feed was hacked, and the profile photo was changed to a pile of excrement. Comcast's(CMCSA) NBC News account was also compromised two months later, falsely tweeting that a plane had crashed into the Ground Zero area of Manhattan.
In February of this year, both the Burger King(BKW) and Jeep Twitter accounts were hacked during the same week.
It's unclear what, if anything, Twitter plans to change. As always, a company spokesman said, 'We don't comment on individual accounts for privacy and security reasons.'
Ap Twitter Potato Head
So far, Twitter has put the onus on brands to ensure they're being smart about choosing and sharing passwords. Following the Jeep account hack earlier this year, Twitter tweeted a link to a 'friendly reminder about password security.'
Twitter can tweet about best practices all it wants, but that approach clearly isn't working. When hacks do happen, the company does a good job of restoring compromised accounts typically within a few hours. But as the AP hack proves, these attacks can have damning real-world effects.
Ap Twitter Account Hacked
The Associated Press Twitter account (@AP) was recently hacked resulting in the following Tweet:
Ap Twitter News
This single Tweet caused a brief $136 Billion crash in the stock market and eventually led to the suspension of the @AP Twitter account along with several other Associated Press Twitter accounts.
How the AP Twitter Account Was Hacked
The AP has confirmed the attack was a result of a simple phishing attack. Various employees of the Associated Press received the following email:
From: Associated Press Technology
Tue 4/23/2013 12:29 PM
All Staff –
Some users are receiving emails that appear to have a link to a Reuters or Washington Post news story. This email is a phishing attempt that takes users to a bogus site requesting you to log on. Users are advised not click to click on the link and not to enter their logon credentials. If you have already clicked on the link, or entered your logon credentials, please contact the help desk immediately.
Mark House
Information Security
The Associated Press
mhouse@ap.org
Office: 609.860.7233
This is the phishing email:
Sent: Tue 4/23/2013 12:12 PM
From: [An AP staffer]
Subject: News
Hello,
Please read the following article, it’s very important :
http://www.washingtonpost.com/blogs/worldviews/wp/2013/04/23/
[A different AP staffer]
Associated Press
San Diego
mobile [removed]
How does a Phishing Attack Work?
The phishing email seems innocent enough, just a link to a Washington Post article right? Not quite, the site likely displayed the article but then prompted the user to login. The prompted login request is a clear warning sign that something is not right.
We can conclude that at least one Associated Press employee ended up logging into a bogus site with the same password used for the @AP Twitter account.
Ap Twitter Trends
The hackers were then able to login to the @AP account at Twitter.com with this password and send the bogus Tweet.
Sharing Twitter passwords with multiple employees increases the chances that one of them can fall victim to a similar phishing or other hacking scam.
How to Keep Your Organization’s Twitter Account Safe?
The big takeaway from this story is to stop sharing your Twitter password with your employees. The fewer people that know and use your Twitter password the better! As explained on Twitter’s site for newsrooms, “No matter how strong your password is, if someone else knows it, it’s no longer secure.”
Other Tips to keep your account safe:
- Use a secure password
- Use two-factor authentication when launched by Twitter
- Link your phone to Twitter. Allows you to regain control of your account
- Don’t login to your organization’s Twitter account over public Wi-Fi
- When logging into Twitter make sure the domain is Twitter.com
- Be very skeptical when an emailed link prompts you to login to Twitter
- If your account is compromised visit Twitter’s support page
You might be wondering, how can an organization like the Associated Press allow multiple contributors to help Tweet and manage their Twitter accounts without sharing the passwords with everybody?
Great question, the answer is GroupTweet!
GroupTweet allows multiple contributors to tweet from a single Twitter account safely and securely
There is no need to hand out your Twitter password to your employees. Keep your account passwords secure by using GroupTweet. Organizations that use GroupTweet get the best of both worlds. GroupTweet allows multiple journalists to Tweet from a company account without having to give out the password!
Better yet, its super easy for your contributors and employees. With GroupTweet, appproved contributors simply send Tweets from their personal Twitter accounts and include either a specific hashtag or @mention the company account. No need for contributors to login to a new dashboard or learn some new app.
GroupTweet is being used by News & Media organizations everywhere such as ESPN, FoxNews, ABC, CBS, NBC and others! GroupTweet not only helps you keep your passwords secure, but it also increases the efficiency and engagement of your Twitter accounts by allowing you to source content from your employees.
How are Others Using GroupTweet to Tweet Efficiently and Securely?
Ap Twitter Hacked
We thought you would never ask! To learn more about how other new & media organizations are using GroupTweet, check out this blog post.
Hi, I'm Ryan Craft, Co-Founder of GroupTweet.com. GroupTweet allows you to add multiple contributors to a single Twitter account - creating a seamless group Twitter experience. Want to learn more? Click here for some examples or reach out via Twitter, you can find me @craft_ryan