By now you probably know the real story. The White House has not been bombed and the president is unhurt. But for a few tense moments yesterday you might have easily believed it, all due to a bogus update from the real Associated Press Twitter account.
[ Cash in on your IT stories! Send your IT tales to email@example.com. If we publish it, we'll keep you anonymous and send you a $50 American Express gift cheque. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
That "news" was then retweeted possibly thousands of times by credulous Twitterati, and why not? It came from the @AP account, right?
Some Twitter users were savvy enough to recognize it as a hack, but not the U.S. stock market, which dropped more than 140 points in a matter of minutes before recovering. When Twitter realized the official AP account had been compromised it took the account offline, where it remains as I write this.
A group calling itself the Syrian Electronic Army claimed kudos for the hack, on Twitter (naturally).
Apparently, the SEA spear-phished some AP reporters, who swallowed the bait and coughed up the Twitter log-ons for multiple AP accounts. The SEA also took credit for a hack of Reuters' website last August, but the latter's Twitter account is still live as I write this.
The always clear-headed Molly Wood of Cnet laments that Twitter needs to finally grow up and deal with its accuracy problem:
Twitter has always had an accuracy problem. It's a lot of voices, its information flows quickly, and in all fairness it was never meant to be a medium for reliable delivery of news. But we may be reaching a tipping point where Twitter starts to face actual legal scrutiny or even lawsuits if it can't take steps to ensure the security of its accounts, if not the accuracy of its information.
Bloomberg News' Alex Bruns seconds the motion:
AP is apparently susceptible to hacking just like anyone else who plugs into the internet to share information. That is really not a surprise. Also unsurprising, the agency was exceptionally forthright in mitigating the damage and explaining the mistake. What is surprising, though, is that Twitter Inc. allows itself to remains subject to these sorts of attacks.
...If Twitter expects corporations, politicians and market-moving news services to continue to use its service, it is going to have to provide better security. The AP fixed its problem. Now, it's Twitter's turn.