It seems like it happens every holiday. A celebrity or major corporate brand loses control of its Twitter account.
Perhaps it is less than coincidental than that the king of burgers was compromised on the American holiday honoring her presidents.
Like other recent hacks, it appears to have been done more for the lulz than to cause anyone any lasting harm.
Whoever hamburgled the account began by modifying the graphics and account name to appear to be its arch rival McDonald’s.
“Just got sold to McDonalds because the whopper flopped =[FREDOM IS FAILURE℠. In a hood near you”
The actual McDonald’s Twitter account was quick to reply:
“We empathize with our @BurgerKing counterparts. Rest assured, we had nothing to do with the hacking.”
Some of the tweets sent out during the time it was under control of the attackers promoted a Chicago rapper named Chief Keef.
This just goes to show you can’t always trust an account simply because it is a verified. One person on Twitter made a joke concerning password security:
“Somebody needs to tell Burgerking that ‘whopper123’ isn’t a secure password”
While that may be how this happened, if we look as past incidents it could also be from having too many cooks in the Twitter kitchen.
Many brands are using tools like HootSuite and If This Then That to allow multiple people to post the a Twitter feed without disclosing the password for the Twitter login itself.
While these tools are incredibly powerful, if not used properly they can dramatically increase the password attack surface.
Administrators have no visibility into the password strength of the sub-accounts used to post to its feed.
This is another example of why Twitter needs to introduce two factor authentication as soon as possible.Follow @chetwisniewski
Leave a reply