5 Lessons for Brands From the Burger King Twitter Hack The company regained control of its Twitter feed after hackers overtook it for hours. Here's what brands need to know.
By Kevin Allen
This story originally appeared on PR Daily
Burger King regained control of its Twitter account Monday night, after a day in which its feed was overtaken by hackers and made to look like McDonald's.
Around 10 p.m. ET, Burger King tweeted:
Interesting day here at BURGER KING®, but we're back! Welcome to our new followers. Hope you all stick around!
— BurgerKing (@BurgerKing) February 19, 2013
The breach began in the morning on Monday and lasted for hours. Hackers tweeted a flurry of messages, most of them made little sense and contained offensive language. By the afternoon, Twitter had suspended the account. Burger King did not update its Facebook page on Monday, though it did release this statement to the media:
"We have worked directly with administrators to suspend the account until we are able to re-establish our legitimate site and authentic postings. We apologize to our fans and followers who have been receiving erroneous tweets about other members of our industry and additional inappropriate topics."
Anyone who's managed a brand account can certainly empathize. In the hours after the hack, even McDonald's tweeted from its verified account:
We empathize with our @burgerking counterparts. Rest assured, we had nothing to do with the hacking.
— McDonald's (@McDonalds) February 18, 2013
As bad as it seemed, the fallout won't be severe—just a week or so of mass embarrassment and a lifelong cautionary tale for PR pros, marketers, and social media gurus everywhere. But it's unlikely that the brand itself will take any kind of real hit. The word "Whopper" will not suddenly become synonymous with this or any social media hack.
#insert RSS here#
In fact, some are even seeing obvious positives in the wake of the fiasco. Cameron McPherson, of strategic communications firm The Hodges Partnership, points out that Burger King saw an increase in followers (more than 30,000) and as well as a number of media mentions.
Monday was a slow news day. That the account was hacked and made to resemble that of its notorious rival probably served to fuel the fire.
That's not to minimize the severity of the situation. It's a huge deal if you're the people that manage the Burger King account. But it was done in such outlandish fashion that there was no question that it was a hack job from the very beginning. With a more thought-out and subversive approach, you could do some real damage. As it happened, however, it just looked like a bunch of teens messing around. I mean, they linked to a Chief Keef video. You can't get much more amateur than that.
Still, it's not difficult to extrapolate and see how social media accounts could be an avenue for some crazy corporate sabotage. Therefore, a more likely effect will be that C-level executives could become less gung-ho about signing off on any big social executions. If all they see is nightmare headlines and no extra product moving off shelves, they'll ask, What's the point?
That said, here are a few measures social media managers should be taking to ensure that they can avoid or mitigate these scenarios.
- Change your passwords regularly. And change them to something obscure that has nothing to do with the product you sell. Random numbers, letters, and symbols are your best friend. We change our passwords every month—that will probably change to every two weeks in light of this development.
- Have procedures in place to stop an attack in its tracks. Create a fail-proof social escalation policy that can end something like this before it gets out of hand. Have the assets you need on hand to be able to restore the images on your profile.
- Minimize the number of mobile devices that can access the account. If you look at all the apps that can access your account, you should know for certain where they're all coming from and what their purpose is. If you're unsure about any of them, ax them.
- Make it mandatory that any mobile phones that link to corporate accounts are password protected. That way, if you leave your phone at, say, a Burger King and you're signed into your brand's account, no one can have easy access to it. Similarly, make sure that if you leave your computer at, say, a Burger King, it's not logged into any accounts. Password protect everything that allows access to accounts that are password protected. Thinking about the computer I'm typing on, if I were to leave it somewhere and some swarthy character logged onto Facebook, they would be able to wreak havoc on about six different accounts (none of which are my personal account). That's pretty scary when you think about it.
- Change your passwords every time someone leaves the company—whether or not it's amicable. Don't trust people. There's too much at stake here.