How to outwit Twitter hackers


Katie Evans


The whole ordeal lasted less than a day, and is now largely forgotten. But then again, that’s Twitter’s M.O.: short and sweet. That’s a good thing for United Airlines, which probably would like to forget about an embarrassing Twitter-related incident last week.

United Airlines’ Twitter account was hijacked last Friday by a hacker who sent out a tweet offering “Better Sex.” The airline immediately deleted the message and sent an apology tweet to its followers: “We’re sure you know that tweet wasn’t ours. Our Twitter account was hacked. Problem resolved. Sorry about that.” However, such an ordeal raises larger questions for e-commerce companies, which are increasingly eyeing the popular social network as a valuable (and free) marketing tool. How can e-commerce companies avoid a similar debacle, protect their accounts and quickly pick up the pieces when something goes awry?

A recent survey by web marketing consultants E-consultancy of 400 companies, 19% of which were e-retailers, found 77% were using Twitter. Companies are growing their social media efforts, in part, because social marketing is relatively inexpensive. 32% of companies do not spend anything on social media beyond their employees’ time, 36% spend less than $5,000 a year and 12% spend $10,000 or less.

But using Twitter as a marketer comes with responsibilities, says Josh Bernoff, a social media analyst for research and consulting firm Forrester Research Inc. First, he says, e-commerce companies need to have an employee dedicated to monitoring Twitter 24 hours a day. “You can’t take the weekend off,” he says. “Your account could be spewing bad messages for days and no one would know.”

Companies need to take their Twitter security strategy seriously, experts add. For example, many companies give the task of managing a Twitter account to an unpaid intern or have several employees, from customer service staff to public relations employees, accessing and managing the account. Every person who has access to the account should be briefed on ways to keep it secure, experts say.

For example, Bernoff says one of the most common ways that hackers nab log-in information is by taking over another account and sending a mass message to that account’s followers. The message might contain a photo or a link, and in order to access it a user is prompted to enter his password again. When he re-enters his information, the hacker grabs it, Bernoff says. This type of attack is often successful because it looks as if the message is coming from a trusted follower, Bernoff says.


One way to avoid entering information on a fake page is to look carefully at the URL, Bernoff says. If the web address is strange, such as exceptionally long or not Twitter.com, don’t enter log-in information, Bernoff says. “Never type in your password without looking at the URL,” he says.
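The URL check described above, written out as an added example that is not part of the original article: it parses a link and accepts it only when the connection is HTTPS and the host is twitter.com or one of its subdomains, which also catches look-alike addresses that merely contain the name. The trusted domain constant, the reason labels and the sample links are constructed for illustration.

```javascript
// Added example: host check for a login link. TRUSTED_DOMAIN and the sample
// URLs are constructed for illustration.
const TRUSTED_DOMAIN = "twitter.com";

function checkLoginUrl(raw, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // "https://twitter.com@host/" puts the trusted name in the userinfo part;
  // the browser actually connects to whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo-in-url" };
  }
  // URL lowercases the host and converts non-ASCII labels to punycode (xn--).
  const host = url.hostname.replace(/\.$/, "");
  if (host === trusted || host.endsWith("." + trusted)) {
    return { ok: true, reason: "trusted-host" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "untrusted-idn-host" };
  }
  return { ok: false, reason: "untrusted-host" };
}

// Constructed sample links, as they might appear in a direct message.
const samples = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session",
  "http://twitter.com/login",
  "https://twitter.com.account-verify.example/login",
  "https://twitter.com@login.example/session",
  "https://tw\u0456tter.com/login", // Cyrillic letter in place of Latin "i"
  "https://nottwitter.com/login",
];

function classify(urls) {
  return urls.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of classify(samples)) {
  console.log(r.ok ? "OK    " : "REJECT", r.reason.padEnd(18), r.url);
}
```

Only the first two sample links pass; the rest are rejected even though each contains the string "twitter.com" somewhere in the address.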


It’s easy to get hacked on Twitter, adds Bob Pearson of the Social Media Business Council. He should know. It happened to him. Pearson says he was hacked because his password was just too simple. “A lot of companies use a very simple password,” Pearson says. “If hackers put their mind to it, they can crack a single sign-on. They can outwit Twitter.” A single sign-on permits a user to enter one name and password in order to access multiple applications.

Getting hacked is one Twitter security issue; another that is more difficult to control is someone impersonating a company on Twitter. It’s an issue Exxon Mobil knows too intimately. In 2008, an imposter set up an account under the oil giant’s brand name and began sending out tweets about the company.

Twitter is working to avoid such debacles through its beta “Verified Account” feature. Verified accounts are often used by celebrities to prevent identity confusion (so a follower knows a tweet she receives is from the genuine Lady Gaga and not some mischievous teen). Users fill out information that proves they are who they say they are and Twitter places a special badge on their Twitter profile.

“We’re working to establish authenticity with people who deal with impersonation or identity confusion on a regular basis,” Twitter says on its web site. “We’re starting with well-known accounts that have had problems with impersonation or identity confusion.”

For now, however, Twitter is not accepting verification requests for business accounts. “We are currently testing verification with some businesses and working hard at making this feature available to all businesses,” Twitter says. “While we are not accepting new business verification requests, if you have already submitted one, we have you on our list.”



