Jeep joins Burger King on Twitter hacked list, inspires MTV, BET to fake breaches

Jeep became the latest major brand to have its account hacked on Twitter.

Visitors to @Jeep's Twitter page on Wednesday saw a graphic header announcing that the Chrysler division had been sold to Cadillac.

The attack was similar to one launched on Burger King's Twitter account earlier this week; the hackers announced that the fast food chain had been sold to rival McDonalds.

Much of the content added to Jeep's Twitter feed contained content similar to that used in the burger breach, too. It included vulgar tweets and a photo of a person shooting up drugs in a bathroom with the caption: "We caught one of our employees in the bathroom doing this..."

[See also: Twitter users delt malicious links via direct messages]

The fake content was displayed on the Jeep site for some 80 minutes before Chrysler regained control of its account and purged the unauthorized material from it. Jeep announced it was back in charge with this tweet: "Hacking: Definitely not a #Jeep thing. We're back in the driver's seat!"

Although there was speculation that the hacker collective Anonymous and an affiliate, LulzSec, were involved, it remains unclear who was behind the attacks. Anonymous denied any involvement in the Burger King attack.

Chrysler and Twitter did not respond to requests for comment.

In an apparent move to exploit the publicity surrounding the Twitter hacks, MTV and BET, two Viacom properties, staged a bogus hack of each other's Twitter accounts. Each switched their profile photos. MTV's Twitter account displayed BET's profile picture, while BET's displayed MTV's. The switch ended after about an hour, with MTV tweeting "Catfish-ed you guys. Thanks for playing!"

"Catfish" is an MTV show where people try to suss out whether online heartthrobs are real or just fake Internet personas.

MTV and BET may have hoped to get a bump in the number of Twitter followers by faking a hack -- Burger King's followers jumped from 77,000 to 111,000 during its hack -- but the prank could backfire.

"There's already chatter on the Web about hackers attacking MTV and BET for pulling the stunt," Wilson Tang, head of digital creative for TBA Global, an engagement marketing agency in New York City, said. "They're putting a sign on their door for hackers that says, 'Come Attack Us.'"

While embarrassing to both Jeep and Burger King, he said, the hacks will likely prompt a review of social media management at other companies.

"Social media is so new, people don't have the policies in place for managing a Twitter account as people move in and out of an organization," he said. "I imagine a lot of companies will be doing that over the next few days."

When consulting with clients about social media initiatives, security usually isn't on the radar. But Tang expects that to change. "I think that discussion will come up more and more, especially as more and more high-profile brands like this do get hacked."

The Burger King and Jeep hijacks should be a wake up call for Twitter, said Chris Heuer, chairman and founder of the Social Media Club, a global organization for media makers. "This should push Twitter to deploy two-factor authentication," he said.

Two-factor authentication requires something in addition to a username and password to use an account. A common second-factor is a code sent to an account holder's phone.

Passwords alone aren't secure enough to protect online accounts, Heuer noted. "With all the personal information people are sharing publicly, all it requires is a little ingenuity to guess a person's password.

"Twitter needs to take action on this to protect users," he added, "and ultimately, to protect its own reputation."

Read more about social networking security in CSOonline's Social Networking Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsData Protection | Social Networking SecurityLulzsecsoftwareJeeptwitterdata protectionCadillacAnonymousBurger King

More about Burger King

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello Jr.

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place