Jeep is becoming a corporate poster child for the Twitter-hacked, and automakers are taking note and playing defense.
Companies should reassess the way they handle social media passwords after Jeep’s Twitter account was invaded last week, a computer forensics expert suggested.
To avoid being the next victims, companies should make sure they don’t use the same password across multiple accounts, and should rotate passwords periodically, said Lee Neubecker, president of Forensicon, a Chicago digital forensics firm. Passwords should be a complicated mix of letters, numbers and symbols.
Jeep brand’s Twitter account was hacked and given a thorough, McDonald’s-inspired makeover. The Jeep logo was swapped for a Cadillac logo, and the page’s wallpaper was replaced with a photo of a vehicle sporting the fast food giant’s colors and golden arches.
The hacker sent out profanity-laced posts, including one that said Jeep had been sold to Cadillac, which later disavowed any connection to the incident on its own Twitter page.
In the aftermath of Jeep’s hacking, Ford isn’t taking any chances.
“Our protocol at Ford was to ask our global teams to change all of their Twitter passwords immediately to more secure combinations of letters, numbers and symbols. Further, we’re asking them to create a regular update with passwords, along the same lines of the protocol that our IT organization requires of Ford employees for internal access to Ford sites and hardware,” wrote Scott Monty, Ford’s social media head, in an e-mail to Automotive News.
Monty also said Ford reached out to Twitter to learn of the steps they’re taking to support brands that get hacked, “while also stressing the need for something as secure as two-step authentication that Google and Facebook offer.”
General Motors changed passwords on all of its Twitter accounts to safeguard itself.
“The bottom line is that it’s unfortunate that these things are happening and we’re doing our best to make sure it doesn’t happen here,” said Rebecca Harris, a GM social media strategist, in an interview. “It could happen to any of us.”
Scott DeYager, Toyota’s social media manager, said the incident was an eye-opener.
He said the marketing team had Twitter representatives on the phone within two hours of Jeep being hacked to get pointers and communicate with partner agencies who feed Toyota’s social media accounts.
“We got the latest best practices and downloads from them and the procedures, if it would happen to us, how we get it taken care of quickly,” DeYager said in an interview.
“Then we had a meeting with all of our stakeholder teams and basically determined a new schedule for refreshing all of our passwords that was actually in line with what Twitter was suggesting and also making sure that any of our other social media accounts that none of those passwords are replicated across any other accounts as well. We had long meeting to discuss all of this and put some new measures in place to up the schedule of refresh on these passwords.”
Chrysler posted on its corporate Twitter account last night, “Hats off to @Jeep team — no terrain is too rough, even on Twitter,” and linked it to the company statement.
“The brand’s social media agency was aware of the situation immediately and contacted Twitter. The brand regained control of the account within the hour,” the statement said.
Chrysler’s corporate Twitter account is handled in-house by its public relations department.
Jeep’s account, run by ad agency Ignite Social Media, has gained more than 3,000 followers since being hacked as the current count approaches 108,000.
Ignite Social Media did not return phone calls seeking comment.
Burger King, which had its account infiltrated recently, directed a sympathetic tweet to Jeep on Tuesday: “Glad everything is back to normal.”
Jeep later replied, “Thanks BK. Let us know if you want to grab a burger and swap stories — we’ll drive.”
Ed Garsten, Chrysler’s head of broadcast and digital media communication, said these incidents come with the territory.
“We’re just really pleased with the quick reaction of our agency and working with Twitter that we were able to get it resolved so quickly,” Garsten said in an interview. “In the aftermath, we think about our accounts and how to strengthen their security.”
If companies use outside agencies to run their social media accounts, Forensicon’s Neubecker said they should look into their password security procedures.
“If you’re working with an agency that manages your social media, you might want to do some due diligence and ask them what their password policies are. Do they have the same password on multiple accounts?” Neubecker said.
“Companies might even want to consider writing legal language into their agreement that specifies that unique passwords that are more than 12 characters and contain a mix of numbers, symbols and letters will be used. Things like that are really important.”
Twitter posted a blog with password security tips, such as using at least 10 characters with upper and lower case characters, numbers and symbols.
Neubecker said: “Learning how to manage social media is something that companies need to tune in and be plugged into.”