On the heels of a phishing scheme that lured unsuspecting Twitter users to a website that was designed to steal their passwords, the Twitter accounts of well-known individuals, including United States President-Elect Barack Obama, have been compromised.
TechCrunch's Michael Arrington and others noticed unusual tweets on the official accounts of the United States President-Elect, CNN's Rick Sanchez, FOX News' Bill O'Reilly and Britney Spears. Companies such as Facebook and The Huffington Post have seen their official Twitter accounts compromised as well.
While it is not clear if these attacks are related to the phishing scheme that was widely reported in the past week, there is clearly either a coordinated attack taking place or some vulnerability in the Twitter service has been discovered and knowledge of it is circulating rapidly.
The situation is no doubt not only an embarrassment for Twitter but for those whose accounts have been hijacked. It highlights some of the risks that should be taken into consideration when evaluating a social media strategy.
Because of the large followings popular individuals and brands can acquire on social media websites and the ease with which information can be distributed to followers, individuals and brands need to understand that there is a real risk if their accounts are compromised.
As this incident on Twitter demonstrates, a compromised account can lead to damaging messages being sent to tens of thousands of people from accounts that are otherwise established as official, legitimate sources.
From consumer confusion to lost brand equity, there are potential consequences here.
Given this, individuals and brands need to include security considerations when implementing their strategies on these services. Who has access to accounts? What safety protocols can be established to reduce the risk that passwords are compromised? What plans are in place if something happens and action needs to be taken to respond to negative incidents?
Beyond this, however, individuals and brands need to understand that there are a lot of things they cannot control when using services like Twitter, Facebook and MySpace. These services not guaranteed to be secure and a security vulnerability that is discovered could place thousands of your customers, users and followers in the hands of malicious individuals and groups. In some sense, it is almost as if the individuals or groups that compromised Twitter accounts today had compromised valuable email and customer lists.
The lesson here: just as many prominent individuals and brands spend a considerable amount of time evaluating hosting and email vendors, individuals and brands need to invest time evaluating the services they'll use to interact with their 'followers' on the web.
Hopefully today's Twitter attack will serve as a wakeup call.