Twitter is warning media outlets to be “extra vigilant” in light of today’s incident involving a fake tweet sent out by hackers who had gained access to the Associated Press’ Twitter account, @AP. It’s also good advice for brands and marketers — and for all Twitter users, actually.
Shortly after 1:00 pm EST today, the AP’s account sent out a (fake) tweet saying that President Obama was injured after “two explosions in the White House.” The Dow Jones stock market index momentarily tanked almost 150 points. The AP disabled its Twitter accounts, at least temporarily. And the FBI is investigating the whole thing, no doubt due to the content of the fake tweet.
It’s the second such recent episode: CBS said a couple of its Twitter accounts were compromised on Sunday. In both cases, a group called the Syrian Electronic Army claimed responsibility for compromising the accounts.
Ops! @ap get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama twitter.com/Official_SEA6/…
— SyrianElectronicArmy (@Official_SEA6) April 23, 2013
The AP says that it was on the receiving end of corporate phishing attempts shortly before the fake tweet was sent out, which suggests that at least one employee may have given away the company’s login details accidentally.
Twitter sent out an email to unspecified media members at about 6:00 pm EST today saying that it’s still investigating what happened, and asking news organizations to be “extra vigilant” about phishing attempts.
While we investigate, we wanted to get in touch to provide some information to help keep your account secure. And given the recent incidents, it is especially important to be extra vigilant about any attempt to phish your information. Please review the security recommendations on our Support site.
It’s not just media outlets that need to be careful about security. It was just a couple of months ago that big brands like Jeep and Burger King also had their Twitter accounts compromised.
What About Two-Factor Authentication?
There have been vocal calls for Twitter to add two-factor authentication going back to February, when the company said that hackers may have accessed 250,000 user accounts.
Days later, Ars Technica reported on a new Twitter job listing for engineers to develop “user-facing security features, such as multifactor authentication and fraudulent login detection.”
That’s the clearest sign that the extra security is coming to Twitter, but a spokesperson today told us that Twitter has “no new product announcements at this time.”
Microsoft recently announced that it’s adding two-factor authentication for its user accounts, as did WordPress for its wordpress.com bloggers. Facebook, Dropbox and other major Internet companies also offer it. Google has been offering it since 2011.
Postscript: Wired is reporting that Twitter is working on adding two-factor authentication:
Twitter has a working two-step security solution undergoing internal testing before incrementally rolling it out to users, something it hopes to begin doing shortly, Wired has learned.