Facebook, Twitter accounts of Yankees, other teams compromised

The official social media accounts of several Major League Baseball teams were compromised Thursday, leading to some embarrassing messages appearing on the Facebook and Twitter accounts and highlighting the risks social media sites can present for the public image of businesses.

Late Thursday afternoon, a post on the Facebook wall of the New York Yankees reported that the club's star player, Derek Jeter, would miss the rest of the season because of "sexual reassignment surgery," while the Twitter feeds of the Chicago Cubs and White Sox, Miami Marlins, Washington Nationals, San Francisco Giants and San Diego Padres all also posted suspiciously inappropriate messages. About an hour after initial media reports surfaced, the posts in question had been taken off the Yankees' page. Another entry apologized for the "false post" and noted that the account is controlled by Major League Baseball's Advanced Media division.


The incident highlights anew the risks that can come along with using such social media sites and shows the importance of installing appropriate security measures to prevent such egg-on-the-face situations, says Ben Rothke, a New Jersey-based information security professional and author. "At the end of the day, breaches are inevitable," he says. "Which is why having good practices in place and incident management programs outlined that can quickly identify, and rectify the situation is important."

Companies should take a holistic approach to managing social media, he says, because there are a number of issues to consider. A social media policy covering if and how employees can use their own personal social media accounts, and whether or not those accounts represent the company, is a decision that may involve the human resources and legal departments. Management of the official corporate social media account is another issue, one that may involve the IT and public relations departments, he says. In each situation, though, he says there are basic, common-sense security provisions that can be taken to protect against unwanted incidents. "We've got all these biometrics and secure IDs, but a lot of this comes down to the password," he says. Having unique passwords for various sites and changing them frequently is a best practice.

Equally important is to have a plan in place in case a situation does arise. "Most security practices fall into the end user's common sense management, but you also have to understand the risks and have a plan to deal with them accordingly," Rothke says.

A variety of attacks and tools have been developed to make hacking Facebook accounts easier, including, last year, an Android mobile application that uses cookies to hack a Facebook user's credentials over a Wi-Fi network. Facebook has, in turn, updated its security credentials. Last year, for example, it enabled the more secure HTTPS protocol throughout its site.

As for the situation with the MLB clubs, the fact that the Yankees apparently outsource management of the account to a third-party operation is not uncommon, Rothke says. Choosing partners to handle corporate image issues is important, though. The organizations catching the flak after Thursday's incident are not the Major League Baseball Advanced Media team, but rather the Yankees and all the individual clubs impacted.

Network World staff writer Brandon Butler covers cloud computing and social collaboration. He can be reached at BButler@nww.com and found on Twitter at @BButlerNWW.
