WSJ Facebook Page Hacked
Incident Highlights Social Media RisksAn incident involving hackers posting false "news" reports on The Wall Street Journal's Facebook page demonstrates yet again why organizations must ramp up their efforts to protect their social media accounts to avoid reputational harm.
See Also: Network Threat Trends Research Report
On July 21, the Journal confirmed that its Facebook account was hacked and false comments posted. "We are aware that our Facebook page was compromised," the newspaper said. "We have deleted the posts and are looking into it."
News site Mashable took screen-grabs of the fake comments. One of the comments read, "#BREAKING: US Air Force One crash feared as air traffic controller loses contact with pilot over Russian air space."
The Journal confirmed to Information Security Media Group that the unauthorized postings to its Facebook page were due to a compromise of a third-party account. "We acted quickly to remove the erroneous material and have reset affected accounts," according to a statement from the newspaper.
What's At Stake?
The incident highlights the many risks of a corporate social media account takeover, says Nikki Junker, communications and media manager at the Identity Theft Resource Center. "These risks range from damage to a brand's reputation to global financial impact, as was seen in the hacking of an Associated Press Twitter account last year," which caused the Dow Jones Industrial Average to drop 143 points, she says (see: Social Media Needs 2-Factor Authentication).
Shirley Inscoe, a security analyst at consultancy Aite Group, says the attack could have been a test to see if the hackers could post the false items successfully and how long it would take to be removed. "Media and social websites need to be much more security conscious than they have proven to be to date," she says.
It's important to take advantage of two-factor authentication offered by many social networks, Junker says. "You can set both your Twitter and Facebook accounts to send you a text message with a verification code which must be entered in order to log-in to an account," she says. "While it may take a bit of extra time, it can help prevent serious problems for your organization."