Business

Social media emerge as a big advertising platform — and a target for hackers

This frame grab taken Monday, Feb. 18, 2013, shows what appears to be Burger King's Twitter account after it was apparently hacked. Starting just after noon Eastern time on Monday, the fast-foot company's Twitter picture was changed to a McDonald's logo, and the account tweeted that it had been sold to rival McDonald's. (AP Photo)
This Feb. 18 screen grab showed what appeared to be Burger King's Twitter account after it was apparently hacked to change its picture to a McDonald's logo, tweeting that it had been sold its rival. (AP)Credit: AP

While most Americans were winding up their holiday weekends last Monday, the phones at the Vancouver, British Columbia, headquarters of HootSuite, a social media management company, began to ring.

Burger King’s Twitter account had been hacked. Its logo had been replaced by a McDonald’s logo, and rogue announcements began to appear. One was that Burger King had been sold to a competitor; other posts are unprintable.

“Every time this happens, our sales phone lines light up,’’ said Ryan Holmes, chief executive of HootSuite, which provides management and security tools for Twitter accounts, including the ability to prevent someone from accessing an account. ‘‘For big brands, this is a huge liability,’’ he said, referring to the potential for being hacked.

Advertisement—Continue Reading Below

What happened to Burger King — and, a day later, to Jeep — is every brand manager’s nightmare. While many social media platforms began as a way for ordinary users to share vacation photos and status updates, they have evolved into major advertising vehicles for brands, which set up free accounts but have to pay for more sophisticated advertising products.

Burger King and Jeep, owned by Chrysler, are not alone. Other prominent accounts that have fallen victim to hacking include those belonging to NBC News, USA Today, Donald J. Trump, the Westboro Baptist Church, and even the hacktivist group Anonymous.

Those incidents raised questions about the security of social media passwords and the ease of gaining access to accounts. Logging on to Twitter is the same for a company as for a consumer, requiring just a user name and one password.

Twitter, like Facebook, has introduced a number of paid advertising options, raising the stakes for advertisers. Brands that pay to advertise on Twitter are assigned a sales representative but don’t get any more security than a typical user.

Ian Schafer, chief executive of Deep Focus, a digital advertising company that also fielded phone calls from clients concerned about the Burger King attack, said Twitter bore some responsibility.

“I think Twitter needs to step up its game in providing better security,’’ Schafer said. In a memo to his staff, he called on Facebook, Twitter, Pinterest ‘‘and anyone else serious about having brands on their platform’’ to ‘‘invest time in better understanding how brands operate day to day.

“It’s also time for these platforms to use their influence to shape security standards on the Web,’’ he wrote.

The risk for Twitter is in offending potential business partners as it tries to get more advertising dollars. In 2012, the company grew more than 100 percent, earning $288.3 million in global advertising revenue, eMarketer says.

On Wednesday, it introduced a product that would allow advertisers to create and manage ads through third parties like HootSuite, Adobe, and Salesforce.com. Advertising is estimated to account for more than 90 percent of the company’s revenue.

“This is not something we take lightly,’’ Jim Prosser, a Twitter spokesman, said last month. (The company declined to comment on the Burger King hacking.) Prosser said Twitter has manual and automatic controls to identify malicious content and fake accounts, but acknowledged the practice was more art than science.

Last year, Twitter sued those responsible for five of the most-used spamming tools on the site. ‘‘With this suit, we’re going straight to the source,’’ it said in a statement. ‘‘We hope the suit acts as a deterrent to other spammers.’’

But security experts say, and the hacks of Burger King and other brands have demonstrated, that Twitter could do more.

‘‘Twitter and other social media accounts are like catnip for script kiddies, hacktivists, and serious cybercriminals alike,’’ said Mark Risher, chief executive at Impermium, a start-up that aims to clean up social networks. ‘‘Because of their deliberately easy access and liberal content policies, accounts on these networks prove irresistibly tempting.’’

‘‘Social media meltdowns,’’ as Holmes calls them, raise questions about how easy it is for Twitter accounts to be compromised.

“If you’re a competing brand to Burger King, you’re immediately going to be thinking about how to protect your brand and how you can prevent this from happening to you,’’ Holmes said.

Share