Hacks call Twitter’s security into question

Attack on Burger King underlines problems for a fast-growing advertising venue

While most Americans were winding up their holiday weekends last Monday, the phones at the Vancouver, British Columbia, headquarters of HootSuite, a social media management company, began to ring.

Burger King’s Twitter account had been hacked. Its logo had been replaced by a McDonald’s logo, and rogue announcements began to appear. One was that Burger King had been sold to a competitor; other posts are unprintable.

“Every time this happens, our sales phone lines light up,’’ said Ryan­ Holmes, chief executive of HootSuite, which provides management and security tools for Twitter accounts, including the ability to prevent someone from accessing an account. ‘‘For big brands, this is a huge liability,’’ he said, referring to the potential for being hacked.


What happened to Burger King — and, a day later, to Jeep — is every brand manager’s nightmare. While many social media platforms began as a way for ordinary users to share vacation photos and status updates, they have evolved into major advertising vehicles for brands, which set up free accounts but have to pay for more sophisticated advertising products.

Get Talking Points in your inbox:
An afternoon recap of the day’s most important business news, delivered weekdays.
Thank you for signing up! Sign up for more newsletters here

Burger King and Jeep, owned by Chrysler, are not alone. Other prominent accounts that have fallen victim to hacking include those belonging to NBC News, USA Today, Donald J. Trump, the Westboro Baptist Church, and even the hacktivist group Anonymous.

Those incidents raised questions about the security of social media passwords and the ease of gaining access to accounts. Logging on to Twitter is the same for a company as for a consumer, requiring just a user name and one password.

Twitter, like Facebook, has introduced a number of paid advertising options, raising the stakes for advertisers. Brands that pay to advertise on Twitter are assigned a sales representative but don’t get any more security than a typical user.

Ian Schafer, chief executive of Deep Focus, a digital advertising company that also fielded phone calls from clients concerned about the Burger King attack, said Twitter bore some responsibility.


“I think Twitter needs to step up its game in providing better security,’’ Schafer said. In a memo to his staff, he called on Facebook, Twitter, Pinterest ‘‘and anyone else serious about having brands on their platform’’ to ‘‘invest time in better understanding how brands operate day to day.

“It’s also time for these platforms to use their influence to shape security standards on the Web,’’ he wrote.

The risk for Twitter is in offending potential business partners as it tries to get more advertising dollars. In 2012, the company grew more than 100 percent, earning $288.3 million in global advertising revenue, eMarketer says.

On Wednesday, it introduced a product that would allow advertisers to create and manage ads through third parties like HootSuite, Adobe, and Advertising is estimated to account for more than 90 percent of the company’s revenue.

“This is not something we take lightly,’’ Jim Prosser, a Twitter spokesman, said last month. (The company declined to comment on the Burger King hacking.) Prosser said Twitter has manual and automatic controls to identify malicious content and fake accounts, but acknowledged the practice was more art than science.


Last year, Twitter sued those responsible for five of the most-used spamming tools on the site. ‘‘With this suit, we’re going straight to the source,’’ it said in a statement. ‘‘We hope the suit acts as a deterrent to other spammers.’’

But security experts say, and the hacks of Burger King and other brands have demonstrated, that Twitter could do more.

‘‘Twitter and other social media accounts are like catnip for script kiddies, hacktivists, and serious cybercriminals alike,’’ said Mark Risher, chief executive at Impermium, a start-up that aims to clean up social networks. ‘‘Because of their deliberately easy access and liberal content policies, accounts on these networks prove irresistibly tempting.’’

‘‘Social media meltdowns,’’ as Holmes calls them, raise questions about how easy it is for Twitter accounts to be compromised.

“If you’re a competing brand to Burger King, you’re immediately going to be thinking about how to protect your brand and how you can prevent this from happening to you,’’ Holmes said.