First Aid for Twitter Hijacking
Posted on March 4th 2013
It feels as though February was a bumper month for company Twitter hijacking. Burger King and Jeep both suffered high-profile attacks. Scottish Power customers received phishing emails and French news agency AFP’s photo feed account @AFPphoto was taken over by pro-Syrian lobbyists.
It goes without saying that speed is of the essence to defend your brand against a similar attack. Here’s our cut-out-and-keep guide to Twitter hijacking:
Update 2 May 2013: In the light of the recent spate of high-profile media hackings, Twitter has issued advice for the media, which, where appropriate, I've incorporated into this guide.
Prepare to protect your company Twitter account
- Keep your password strong and secure and change it regularly. How strong? Minimum 20 randomly generated characters including numbers, punctuation and uppercase. Nothing linked to the account please (like ‘MyC0mpanYPa55W0rd!’). Never email your password. Use a secure log-in (we use OneLogin and GroupTweet) so you don’t have to share the password. Change it every few months.
- Using a Password Manager integrated into your browser can help prevent successful phishing attacks and will allow you to use very strong passwords which can't be memorised. Third-party solutions such as 1Password or LastPass, as well as the browser’s built-in password manager, will only auto-fill passwords on the correct website. If the password manager does not auto-fill, this might indicate a phishing attempt.
- Never send logins via email, even internally. Use the phone or IM instead.
- That being said, Twitter uses email for password resets and official communication. Keep your email accounts secure. If your email provider supports two-factor authentication, enable it. Don't use the same passwords for email as for anything else.
- Remember which email address you are using with the account at https://twitter.com/settings/account, and keep it secure.
- Get a mobile/cell number associated with the account via the profile settings and verify it. Consider using the new two-step authentication process offered by Twitter (read eModeration’s view on it here).
- Watch your output. Stating the obvious, but make sure that you have a column open watching your feed and that it is monitored as close to 24/7 as you can get.
- Have an escalation process in place with 24/7 contacts and ensure it is available to all who may need it. Keep it updated!
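The password-manager advice above rests on how auto-fill is keyed to the site a login was saved on. The sketch below is an added example, not code from Twitter or any password manager: it models the check as an exact scheme-and-host match (an assumption; real products differ in detail), and the vault entry, username and `.example` lookalike URLs are constructed for illustration.

```javascript
// Simplified model of a password manager's auto-fill decision (added example).
// The saved entry and its username are constructed sample data.
const vault = [
  { origin: "https://twitter.com", username: "constructed-brand-account" },
];

// Offer the saved login only when the page's scheme, host and port
// are identical to the origin the login was saved for.
function autofillDecision(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { fill: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { fill: false, reason: "page is not served over HTTPS" };
  }
  const entry = vault.find((e) => e.origin === url.origin);
  if (!entry) {
    return { fill: false, reason: `no saved login for ${url.origin}` };
  }
  return { fill: true, username: entry.username };
}

// Constructed URLs: one genuine login page and three lookalike shapes.
const samples = [
  "https://twitter.com/login",                     // genuine site
  "https://twitter.com.account-verify.example/",   // real name used as a subdomain
  "https://twitter-login.example/login",           // brand name inside another domain
  "https://twitter.com@login.example/session",     // real name placed before an '@'
];

function report(urls) {
  return urls.map((u) => ({ url: u, ...autofillDecision(u) }));
}

for (const row of report(samples)) {
  console.log(row.fill ? "FILL  " : "REFUSE", row.url, row.reason || "");
}
```

Only the first URL is filled. The other three look plausible to a person reading the address bar but resolve to a different origin, which is why a missing auto-fill prompt is worth treating as a warning sign.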
If your Twitter account has been hacked
1. Accounts which don’t pay for promoted Tweets
- Change your password immediately, if that’s still possible.
- If you can’t log in to change it, then request an email from Twitter via the password resend form, which will give you the opportunity to reset it. Be sure to use the username and email address associated with the account.
- Lost access to the email account associated with the account? Try entering the phone number you had verified in that form instead to reset it via SMS.
- If you've lost access to the email address that's linked to your Twitter account and haven’t got a phone number associated, you can try contacting your email service provider to try and regain access. Here are contact links to common email providers.
2. Accounts which DO pay for promoted Tweets
- Follow all the steps to try to change the password – but with your other hand, immediately file a report here: https://ads.twitter.com/login/?help=please. Be clear about the name of the company Twitter account and the severity of the hijack.
- Contact your account manager at Twitter who will call the tech teams to shut down the page.
- Follow the escalation plan you have in place which will give you the process and 24/7 contacts for clients (if you are an agency), management, legal, social media team and PR.
After you have control again
- Put out a statement alerting the public to the hacking and misinformation, with an apology to the community.
- Delete the errant tweets and pictures.
- If humour is at all appropriate, then it’s an effective method to get the crowd back on your side.