Collateral Damage Control of a Hacked Account

Neil DuPaul By Neil DuPaul
April 24, 2013

AP Twitter Account HackedYesterday the Associated Press joined the pool of victims who can say they've suffered a hacked or stolen Twitter account. The highly publicized event saw the AP have it's main Twitter account hacked (@AP) sometime in the afternoon and a tweet appeared around 1 p.m. reporting: "Breaking: Two Explosions in the White House and Barack Obama is injured." As you can imagine the tweet set off a chain reaction of retweets and alarm even causing the Dow Jones to reportedly plunge nearly 143 points in only a 3 minute span following the breaking news. Luckily the Associated Press responded quickly and efficiently to incident, suspending their accounts and using their child Twitter accounts to spread news that they had temporarily lost control of @AP. The stock markets have also recovered since then @AP has regained control of it's accounts. A tweet by Mikko Hypponen this morning brought to my attention another really fascinating bit of information though. Yesterday the AP Twitter account had 1.9 million followers. At the time of my writing this post they have 87,986 followers.

  But wait, some further inspection reveals that the drop in followers actually happened at the hands of Twitter? Says Eric Carvin, AP's Social Media Manager in a tweet;

  (Edit: At the time of our update to this post their following had climbed to 417k.) From what I can gather this is either a measure taken by Twitter to protect the AP's following and Twitter's own user base at large to prevent tweets from hacked accounts reaching more eyes or possibly it's simply a side effect of a suspended account being slowly ramped up to normalcy. While I can't comment on exactly when the followers were dropped, it's very interesting to see from my perspective, a Social Media Manager and SEO at a security company. The hack was apparently enabled by a phishing attempt on AP's corporate network, which by the way if you aren't familiar with how phishing attacks work, you should be. Share the basics of security awareness with your coworkers, take advantage of multi-factor authentication whenever possible and always use strong passwords. Who knows, maybe it'll stop your company from losing control of an account someday. Update: My interest in this led me to track exactly how quickly the followers of @AP were restored. Every hour I've been checking their account and documenting the increase. Note: These figures are not exact, rough numbers only so in the case of marginal gains you may see the same numbers reported here. 10 am - 89,000 11 am - 417,000 12 pm - 560,000 1 pm - 560,000 2 pm - 890,000 3 pm - 1,018,000 4 pm - 1,019,000 After this I stopped checking progress hourly, by 9 am the following morning they've had all followers restored.

Neil is a Marketing Technologist working on the Content and Corporate teams at Veracode. He currently focuses on Developer Awareness through strategic content creation. In his spare time you'll find him doting over his lovely wife and daughter. He is a Co-Owner of CrossFit Amoskeag in Bedford NH, his favorite topic is artificial intelligence, and his favorite food is pepperoni pizza.