April 27, 2013    /    by

Fake Tweet? Dealing with the AP Twitter feed hack

There has been a lot of discussion over the past week about Twitter and the power of social media following the breach of the Associated Press (AP) Twitter feed last Tuesday. Bottom line, each of us still needs to decide: Can I trust that tweet?

There has been a lot of discussion over the past week about Twitter and the power of social media following the breach of the Associated Press (AP) Twitter feed last Tuesday.

After the verified AP Twitter feed was hacked, a message was sent out that read, “Breaking: Two explosions in the White House and Barrack Obama is injured.”  

Immediately, the stock market dropped dramatically. Stocks recovered after it became clear what happened.

Other Fake Tweets?

 In case you’re wondering, no, this is not the first time that fake tweets have caused a public reaction. Twitter accounts have also been hacked from National Public Radio, CBS 60 Minutes and Reuters News.

In addition, Twitter business accounts for Burger King and Jeep were also hacked in the past. In the case of Burger King, the tweets made their site look like McDonalds. In response, McDonalds tweeted back that they had nothing to do with the breach – or tweets about the Whopper sandwich becoming a Big Mac.

Back in 2009, millions of people were duped by fake Twitter accounts with quotes from celebrities. “A phony account under the name of film star Christopher Walken and bearing his picture is still regularly read by more than 90,000 people.” Since that time, Twitter has cracked down on fake accounts and put “verified” accounts in place.

Digging Deeper Into Fake Tweet Consequences

What is now clear is that reading a tweet from a trusted source may never be the same.

The Huffington Post asked: Does Twitter have a credibility problem? “The latest hack was by far the most significant: the single AP tweet stunned investors and effectively wiped out $136.5 billion of the S&P 500 index's value in a matter of minutes.”

Now the SEC and FBI are even probing the fake tweets for securities fraud. Here’s an excerpt from USA Today:

“Stolen log-ons for financial and social media accounts readily flow through underground forums, and over the past week, there has been a big infusion of freshly stolen data. ‘Hackers are compromising our computing devices and then spreading false information that can be damaging to an individual or a company,’ Sherry says.

In the wake of the Boston Marathon bombings and devastating explosion in West, Texas, "phishers" sent out links to disaster videos in millions of e-mail messages. Clicking on one of these links displayed the video — but also infected the computing device.”

Getting Personal: Knowing Who, What, When, Where and How We Communicate

So how can we learn from recent incidents? What are we to do with an incredible tweet with news from a trusted source?

 The first step is awareness. Understand our current social media environment. Know that fake tweets (and fake emails or text message scams) abound. There is even a fake Tweet builder website out there. (Be
aware that fake Twitter followers are a growing multi-million dollar business.)

The second step is to keep a healthy dose of skepticism on dramatic claims/news. We’ve seen denial of service attacks, intellectual property stolen, bank accounts drained, but now this misinformation campaign. So… double check your sources. When announcements come of bombs going off (or worse), check several reputable sites or feeds to gain additional information.

No doubt, this hesitancy takes away some of benefits of tweets and fast information. But what is more important, getting the data or information right or getting it fast? Yes, we want both, if possible. Nevertheless, we now realize that mistakes can and will be made – and cause harm.

Third, use stronger authentication systems on your own Twitter or other social media accounts. Add two-factor logon, when it becomes available. This may require a smartphone pin, email or text message to gain
access, but can make the process more secure. While two-factor authentication will help, it will not make this problem go away. Therefore, we still need steps 1+2.


 In conclusion, the recent false alarms with Twitter should signal the need to take a step back and relook at how much trust we place on various channels and real-time messages. Beyond Twitter, there are false messages on websites, Facebook pages and other social media apps. Who is really sending these messages?

 Our new high-tech tools provide easier ways to share data quickly, but quality is always hard. For example, I received tweets about the Boston bombers having foreign ties alongside other tweets that said they were definitely acting alone as Americans. Weeks later, we are still sorting out that intelligence information.

Which raises the question, should we be tweeting about those more complex topics anyway? Are our tools being used with proper online etiquette and effective controls? There were many people who displayed bad taste with Twitter during the Boston bombings.

Bottom line, each of us still needs to decide: Can I trust that tweet?