Sick-minded hackers have broken into the Twitter account of NBC News and posted messages claiming that there has been a terrorist attack at Ground Zero in New York.
The bogus messages claimed that Flight 4782 has been hijacked and another plane crashed into the site where the Twin Towers collapsed ten years ago.
NBCNews’s Digital Officer Vivian Schiller tweeted confirming that their official account had been hacked, and asked followers not to retweet any of the offending messages:
In a subsequent message, Schiller confirmed that NBCNews was “working with Twitter to correct the problem and sincerely apologize for the scare that could have been caused by a such a reckless and irresponsible act.”
A group calling themselves the Script Kiddies have claimed responsibility for the hack. The same group previously hijacked and defaced Pfizer’s Facebook page and broke into the Fox News Politics Twitter account to post a bogus announcement about the death of Barack Obama.
Of course it’s very serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site – rather than what appears to be sick fake news headlines about a terrorist atrocity at such a sensitive time, with the 9/11 anniversary this weekend.
It’s unclear on this occasion whether NBCNews’s Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether the persons who run the NBCNews account made the mistake of using the same password on multiple websites.
Computer users should always choose a hard-to-guess non-dictionary word as a Twitter password, and never use the same password on multiple websites.
Twitter appears to have now suspended the @NBCNews account, presumably to stop other users from retweeting the fake news and starting a scare.
Twitter should be applauded for taking such quick action, but isn’t it time that there was better security available to accounts which have a large number of followers, or who (like media organisations) may cause public panics if someone breaks in and starts tweeting false news stories about terrorist attacks?
Just a username/password combination isn’t enough when a social media account is an important part of your business or public image.
I, for one, would like to see Twitter and other social media sites offer an additional level of authentication for those who want to better defend their accounts. I fear that, unless that happens, we will continue to see high profile accounts hacked and brands damaged as hackers run rings around them.
Update: Christmas tree Trojan blamed for NBC News Twitter hack.