Jeep Is Second Major Brand to Be Twitter-Hacked
A second major brand has had its Twitter account hacked in a little more than a 24-hour period.
Jeep is today's victim, with its background image swapped out this afternoon to show a sedan painted with the McDonald's logo and colors.
A couple of tweets from the hackers read "#BOOTYGANG #ITHUG" and "We got sold to @Cadillac because we caught our employees doing these in the bathroom =[", with an attached picture of a man holding a bottle of pills.
As of 2:02 p.m. ET, the background color had been restored to black, though the hackers' tweets were still in the tweet stream. And as of 2:17 p.m., the handle's main picture -- which had been changed to the Cadillac logo -- had been changed back to a default image. Meanwhile, the Cadillac Twitter account has tweeted that it's not responsible for the hack.
McDonald's was also the subject of the hack of the Burger King account yesterday, when the handle's photo was swapped out to an image of the famous Golden Arches. The hackers' tweets were thematically similar to today's on the Jeep page, including one that read, "We caught one of our employees in the bathroom doing this... #soldtomcdonalds #failurewhopper @McDonalds" and included a link to a picture of a man sticking a needle in his arm.
Twitter declined to comment further on the Burger King incident, citing privacy and security concerns for individual accounts.
However, the two connected hacks are bound to raise concerns about the site's security. Logging into Twitter is currently the same for brands with millions of followers as it is for individuals with 10 followers, meaning that a single password unlocks the account.
Twitter also doesn't currently have two-factor authentication enabled, as Facebook does, which allows accounts to be set up so that people accessing it from a new device are prompted to enter a password that can be texted to them to ensure that they've been authorized.
But Twitter is apparently working on such a capability. A job posting on its site for a software engineer focused on product security gives one of the job responsibilities as designing and developing user-facing security features, "such as multifactor authentication and fraudulent login detection."
Update: MTV appeared to be the third major brand to fall victim to a hacker in a single day, but the changes made to its page were actually a stunt authorized by its parent company, Viacom. The logo on its Twitter handle had been swapped out with BET's, but Viacom confirmed to Ad Age that it was merely a joke following up on the Twitter account hacks of Jeep and Burger King. A tweet posted at 3:50 p.m. confirmed the hoax: :We totally Catfish-ed you guys. Thanks for playing! <3 you, @BET. ;)"