For Twitter this couldn’t have come at a worse time. The platform has been aggressively pushing its advertising offerings and attempting to woo corporate clients (and their audiences) outside of the existing Twitterati.

After a series of high-profile mishaps it has left many marketing managers questioning the security of the platform. 

Who’s to blame? 

1: The Hacker

Firstly there’s the hackers. If, as some sources are reporting, the hacker collective Anonymous is behind the attack, then it’s doubtful that Burger King could have kept them out for long. 

Ultimately there’s not much that a brand can do about this, other than… well, being a genuinely nice brand. These things occasionally happen, and there’s more that businesses using Twitter can do to help themselves – more on that in a moment. 

2: Burger King

Brands with a large social presence simply cannot afford to take downtime.

I have to sleep, but I still find myself checking our Twitter feed on my phone before I go to sleep, and again as soon as I wake up.

I’d be monumentally surprised to find out that we invested more in social than a global food chain, but we let key members of global staff have access to social media channels in case there’s a problem at 4am and I’m not around. 

Burger King themselves have also taken a slow approach to communicating the problem. At time of writing (some 16 hours after the incident) there’s no mention of it on their homepage.

The company has Tweeted since: 

https://assets.econsultancy.com/images/0002/9235/BK_3.PNG

But beyond that there’s no communication.

Burger King has stated that it will post an apology on its Facebook Page.

Why Facebook?

Yes, the company account there is more popular, but the problem occurred on Twitter.

Does Burger King know that all of its Twitter followers are also Facebook fans? (Do you?)

Why has it taken so long to tweet a simple “We were hacked earlier, back to normal now” statement? Glancing through BK’s historical tweets it’s fairly clear that they are mired in the swamps of corporate comms, tweeting fairly bland product offerings and deal codes without much real engagement:

https://assets.econsultancy.com/images/resized/0002/9236/bk_4-blog-half.png

The Guardian (among others) reports Burger King’s official statement:

“It has come to our attention that the Twitter account of the Burger King brand has been hacked.”

It’s a tone that, while businesslike, gibes with the image the brand is at pains to convey. In addition, the fact that it took over an hour for BK to discover the problem and communicate it back to Twitter indicates a lack of proper monitoring, and of forward planning for these situations. 

3: Twitter

One can only assume that Burger King would represent a fairly important client (or at the very least, a hugely valuable prospect) for Twitter, so taking care of them properly should be a priority.

Monitoring all their clients might well be too big a request, but would a hotline for advertisers be too much to ask?

Security is often cited as a leading reason against investing in social. Businesses are afraid to seed control to their employees, and beyond that to their audience. If they are serious about wooing big advertising money, then at the very least two-step verification should be a priority for the future

What to do if you are hacked

Here at Econsultancy, we’ve had the odd case of hacking in the past. It’s a fact of social media life, so make sure you’re prepared for it.

Here are a few quick steps to keep in mind on Twitter.

No stupid passwords.

As explained in this excellent XKCD strip, passwords with numbers and random characters aren’t particularly secure.

Instead, use a simple, four word phrase that is easy for you to remember, but hard for others to guess. So don’t use your dog’s name, use Burt Lancaster’s Son’s dog’s name instead. If you’re feeling saucy, add a couple of numbers to it as well.  Don’t give the password out randomly. 

As mentioned, a few key staff have access to our Twitter account. All of them follow a couple of simple rules

  • Don’t use the company account on a phone unless absolutely, really, unavoidably necessary. If you do, change the password straight away afterwards. 
  • Don’t authorize ANY third-party apps using your main account. If you want to use one, try it using your personal account first. Then don’t do it anyway without coming up with a good usage case first and asking for permission. 

Always be on. 

Make sure someone with access is always awake.

Social media may not be their primary role, but think about who you can trust to use accounts sensibly and keep an eye on them while you’re asleep/on the tube/lying on a tropical beach.

If you get hacked, stay calm. 

It happens. When it does:

  • Access Twitter from Twitter.com. 
  • Head to your ‘apps’ section and de-authorize every app. 
  • Delete any offending Tweets.
  • Change your password. Log out. Log in. Change your password again. 

If you can’t access your account, contact your Twitter account manager immediately. 

After the event, inform your followers that you were hacked, reassure them that it’s all good again, and carry on. These things happen, people will understand that. 

That isn’t to say it can’t cause a lot of brand damage, so it’s doubly important to communicate to people what happened, why it happened, and make them feel secure when they hit one of your links.

Whatever channel this occurs on, if it’s a noticeable problem, communicate this message as quickly as possible across every channel you can. Let people know you’re back to business as usual. If it’s possible and helpful to do so without exacerbating the problem, then communicate across other available channels while you attempt to fix things. 

At some point this will happen, so whether you end up tweeting an affiliate link to a dodgy cheap handbags site or instructions for mixing Krokodil, make sure you act quickly and calmly, and tidy up afterwards.