Two days, two major brands' Twitter accounts hacked. Does Twitter provide enough security and service to the brands who rely on it to communicate with millions of consumers?
Twitter began as a platform for people to send short, mass messages, and as brands began to uncover its usefulness, they, too, jumped in. Today Twitter essentially treats as equals brands with millions of followers and people with only a handful, offering one standard account type to serve both. But events over the past two weeks, including the hacking of a pair of brand accounts, Jeep and Burger King, point to the need for a distinction.
Take, for instance, security. Should Twitter have more enterprise-level security for its brand accounts, which are increasingly how marketers communicate with millions of fans? Right now, the same level of security that applies to a regular Twitter user also applies to a brand with millions of followers. Over the past two days Twitter kept silent on the issue of security, other than to tweet "a friendly reminder about password security" from the @TwitterAds account, with a link to a blog post that leads with a tip about using strong passwords.
Twitter declined to comment on the hacks, citing the privacy of individual accounts. But Gizmodo has made a speculative ID of the hacker based on the content of his tweets and posits that the Burger King account was breached by resetting a password via a compromised email account.
It's unclear whether lax password-security practices by the brands were a factor, but it seems unlikely in light of the vigilance most big brands practice where community management is concerned. Matt Wurst, 360i's director of digital communities, suggests between five and 10 people total normally have the password for a major marketer's Twitter account at any given time, in his agency's experience.
At a minimum, there have been calls for Twitter to implement two-factor authentication, which Facebook has offered since April 2011. Google and Dropbox also use that tactic to improve security for users. On Facebook, this requires a user to verify his or her identity by responding to a text in order to access a Facebook account from a new device.
Twitter has hinted that it will implement the same security provision, even posting a job listing for a software engineer to focus on product security and work on features like "multifactor authentication." But it's given no explicit timetable for when the rollout can be expected.
"They've been oddly silent about this, and I think they can't be for long," said Ian Schafer, CEO of Deep Focus. "Two-step authentication is long overdue. Other companies, including their competition, have it."
While much of the past two days' focus has been on account security, there's other evidence that Twitter may need to create special services and accommodations for its brand users. Take, for instance, the experience of Coca-Cola during the Super Bowl. The marketer could not tweet from its handle for almost two hours because it had exceeded the limit of 1,000 daily tweets allowed by Twitter, a measure that 's largely in place to curb spam.
Upside of hacked
The potential to be hacked is the social-media bogeyman that haunts many brands, but the week's hacks unveiled a potential upside: an infusion of new followers that neither brand had to spend money to attract. Burger King grew its follower count from 83,000 to 110,000 inside of an hour. Tweeted the brand Monday night when it was back in the driver's seat: "Interesting day here at BURGER KING, but we're back! Welcome to our new followers. Hope you all stick around!"
Other brands tried to horn in the act. MTV was widely derided for trying to insert itself into the fracas after the network faked a hack modeled after the other two, replacing its logo with BET's, before tweeting that it was all a joke. And Denny's posted a mocking tweet: "OMG we hacked ourselves because it's the cool thing to do!"
Social-media agency M80's president, Jeff Semones, lauded Burger King's example and said it proves that some positive can be derived from an account hack, depending on how the aftermath is handled.
"It's the way we respond as marketers that determines whether we earn respect or get dinged," he said.