Fortinet Blog | News and Threat Research

Perhaps it had been too long since Twitter was the center of the public attention. Drama junkies were treated to a triple-whammy of cyber news this week when miscreants hacked into the Twitter accounts of Jeep, Burger King and none other than the global hacker collective Anonymous.

In an ironic twist of plot, the infamous hacker group’s Twitter account was apparently overtaken by rival hacktivists, according to the BBC.

All in all, the hacks appeared to be intended to shock users and cause mischief, not steal corporate or customer data. All of them, though, had an impact on brand and image for the victims:

-The perpetrators announced Burger King had been sold to rival McDonald’s, compounding the assault with vulgar tweets and jarring images.

-Cyber-hooligans directed their efforts at Jeep, a division of the Chrysler Corporation and falsely tweeted the parent company had been sold to Cadillac. The bogus content was up for more than an hour before it was purged from the site.

Thus far, the sources of the hacks have not been determined. Some reports have linked them to a cyber-gang in Eastern Europe, while others have linked them to more local culprits.

The hacks have prompted organizations to re-evaluate their social media and marketing practices. MTV and BET actually staged fake Twitter attacks, likely a marketing ploy to garner the same kind of media attention and traffic. But, for those that don’t believe Twitter hacks are the next frontier of marketing, what can be done to prevent this from happening again?

Users first need to shore up their password practices, which means using unique and complex passwords for every Twitter account (no dictionary words or re-using the same password from a separate account). Many highly publicized Twitter hacks – including one launched on Fox News last year – likely occurred as the result of easy-to-guess passwords or ones used to access other accounts.

Other best practices that users can apply to reduce the risk of becoming the next Twitter hack victim include not tying Twitter to e-mail or other online accounts. If hackers gain access to a Web email account, then it’s a matter of time before they can infiltrate Twitter, Facebook, Skype or other major social media.

Gizmodo, which speculated about the identity of the Twitter hacker, says the perpetrators were able to access the Burger King Twitter feed by resetting a password from a compromised email account.

Regardless of the validity, users should try to keep Web mail and social media in separate camps if they want to dodge hackers’ proverbial bullets. That may be easier said than done: Twitter asks users for an email address as a username. But users can circumvent that issue by entering a non Web-based email address.

In the interest of general security, users should keep their systems and applications up to date. Plenty of social media compromises have exploited vulnerabilities in previous versions of applications that have since been patched. Remember: There will always be many ways hackers can break into a Twitter account; users shouldn’t help them out by holding the door open.

Finally, users need to approach their Twitter account with a healthy dose of skepticism – which means double-checking Twitter.com is in the address bar when clicking on links and revoking access to suspicious/unfamiliar Twitter apps. Twitter will never ask for login credentials or other personal info. If such a request is made, it’s probably a phishing attack.

While none are completely foolproof, when these methods are used in concert, it’s likely users will be able to stay under the radar of hackers. In the long run, that’s one of the best marketing campaigns around.