Jeep joins Burger King on Twitter hacked list, inspires MTV, BET to fake breaches

Jeep became the latest major brand to have its account hacked on Twitter.

Visitors to @Jeep's Twitter page on Wednesday saw a graphic header announcing that the Chrysler division had been sold to Cadillac.

The attack was similar to one launched on Burger King's Twitter account earlier this week; the hackers announced that the fast food chain had been sold to rival McDonalds.

Much of the content added to Jeep's Twitter feed contained content similar to that used in the burger breach, too. It included vulgar tweets and a photo of a person shooting up drugs in a bathroom with the caption: "We caught one of our employees in the bathroom doing this..."

[See also: Twitter users delt malicious links via direct messages]

The fake content was displayed on the Jeep site for some 80 minutes before Chrysler regained control of its account and purged the unauthorized material from it. Jeep announced it was back in charge with this tweet: "Hacking: Definitely not a #Jeep thing. We're back in the driver's seat!"

Although there was speculation that the hacker collective Anonymous and an affiliate, LulzSec, were involved, it remains unclear who was behind the attacks. Anonymous denied any involvement in the Burger King attack.

Chrysler and Twitter did not respond to requests for comment.

In an apparent move to exploit the publicity surrounding the Twitter hacks, MTV and BET, two Viacom properties, staged a bogus hack of each other's Twitter accounts. Each switched their profile photos. MTV's Twitter account displayed BET's profile picture, while BET's displayed MTV's. The switch ended after about an hour, with MTV tweeting "Catfish-ed you guys. Thanks for playing!"

"Catfish" is an MTV show where people try to suss out whether online heartthrobs are real or just fake Internet personas.

MTV and BET may have hoped to get a bump in the number of Twitter followers by faking a hack -- Burger King's followers jumped from 77,000 to 111,000 during its hack -- but the prank could backfire.

"There's already chatter on the Web about hackers attacking MTV and BET for pulling the stunt," Wilson Tang, head of digital creative for TBA Global, an engagement marketing agency in New York City, said. "They're putting a sign on their door for hackers that says, 'Come Attack Us.'"

While embarrassing to both Jeep and Burger King, he said, the hacks will likely prompt a review of social media management at other companies.

"Social media is so new, people don't have the policies in place for managing a Twitter account as people move in and out of an organization," he said. "I imagine a lot of companies will be doing that over the next few days."

When consulting with clients about social media initiatives, security usually isn't on the radar. But Tang expects that to change. "I think that discussion will come up more and more, especially as more and more high-profile brands like this do get hacked."

The Burger King and Jeep hijacks should be a wake up call for Twitter, said Chris Heuer, chairman and founder of the Social Media Club, a global organization for media makers. "This should push Twitter to deploy two-factor authentication," he said.

Two-factor authentication requires something in addition to a username and password to use an account. A common second-factor is a code sent to an account holder's phone.

Passwords alone aren't secure enough to protect online accounts, Heuer noted. "With all the personal information people are sharing publicly, all it requires is a little ingenuity to guess a person's password.

"Twitter needs to take action on this to protect users," he added, "and ultimately, to protect its own reputation."

Read more about social networking security in CSOonline's Social Networking Security section.

Tags: applications, Data Protection | Social Networking Security, Lulzsec, twitter, Jeep, software, data protection, Cadillac, Anonymous, Burger King

Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab

READ THIS ARTICLE
MORE IN Security Leadership
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Enterprise Security for Endpoints

Think your endpoints are secure? Think again. Learn why Trend Micro can help.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.