A screenshot of United’s apology to Twitter followers after the airline’s Twitter account was briefly hacked on Friday morning. Hackers sent one message that included an offer for “better sex” and a link to a Web site. (Tribune)
By Julie Johnsson | United Airlines’ Twitter account was hacked Friday morning, part of a
broader security breach at the social media site that affected the
United Kingdom government and is spreading around the world.
Hackers are using hijacked accounts to distribute mildly pornographic
tweets and direct messages to other Twitter users, said Dennis Howlett,
an independent enterprise software analyst based in Spain.
“This is actually getting quite serious,” Howlett said, noting that the proliferation of the messages and the potential embarrassment to some of the prominent people and companies that have been targeted.
Hackers sent one message via Chicago-based United that included an offer for “better sex” and a link to a Web site.
United quickly deleted the message and then tweeted an apology to its 56,754 followers. “We’re taking steps to make sure it doesn’t happen again,” said United spokeswoman Robin Urbanski.
The attacks at first appeared to be part of a “phishing” scheme, in which users are conned into sharing passwords and email addresses.
But the individuals behind the incidents could also be exploiting security vulnerabilities in the free apps that allow Twitter devotees to tap into the micro-blogging site from mobile devices or aggregate social-media messages, Howlett said. (Twitter didn’t respond to a Tribune request for comment.)
Howlett noted that many people assume the personal information they share with application-makers will be treated as confidential, even though Twitter doesn’t authenticate or offer any stamp of approval for the developers who attach software to its site.
“I have no direct means of knowing whether that application should be trusted,” Howlett said.
Targets of the latest Twitter attack included Ed Miliband, the British energy minister, whose account sent a message carrying an unusually direct reference to the politician’s sex life.
“Oh dear it seems like I’ve fallen victim to twitter’s latest ‘phishing’ scam,” Miliband said in a message posted shortly afterward.
On Thursday, House of Commons leader Harriet Harman told lawmakers her account had sent a bogus message to opposition lawmaker Alan Duncan.
She didn’t reveal the contents of the message, but added: “I wouldn’t ever send a tweet like that.”
Other prominent politicians and journalists were among those who received the rogue messages.
Even tech-savvy Twitter users have been hit. Intel UK, the British arm of the chip maker, apologized to its followers Thursday after its account had been hacked.
With the Associated Press
I am more concerned with why United Airlines even has a Twitter account. Let me guess, they are on Facebook, too?
I know of some large companies that actually have facebook sites so don’t be surprised.
It wasn’t hacked. It was an employee playing a game. Hackers Unite
Please, please don’t ever use the words “United Airlines” and “Hijack” again in a headline like that! Gave me quite a scare. Bad choice. Might I suggest “take over,” “hack,” “control” instead?
I’m at ohare right now. Is it still safe to fly on united or are their planes at risk of being hacked too?
Jefferson, why are you concerned that a company is smartly using free advertising and marketing? Most companies have Twitter and Facebook accounts, it’s a cheap way for them to get out info on new products and services. And some even give out discounts or coupons to their followers/fans.
BTW, WTF is the British Govt. twting, anyway?
I think I got that under 140 characters.
please don’t use “United Airlines” and “hijack” in the same sentence unless a plane has been hijacked.
United Airline’s has lousy Information Systems security. When I started getting SPAM on my United email address, their security ‘expert’ said someone either hacked into their email system, or a ‘disgruntled employee’ was reselling customer information.
Either scenario was scary enough that I simply won’t share any information with United beyond what I need to fly – and I fly them VERY rarely.
This account was phished, not hacked. That means it’s the user who gave away access, not anyone who broke in and stole access. What happened is a careless employee clicked a link in a message that led to a scam Twitter “sign-in” page. The employee was stupid enough to actually sign-in, and–voila–now someone else was able to access and send sex messages from United’s account. Not for nothing, but when you’re paid to steward a corporate Twitter feed, it’s your professional responsibility to be able to see obvious scams like this and not put your client’s or company’s brand at risk by being thoughtless. It’s like going shopping and leaving the keys in your ignition. Just plain dumb.
I don’t think it was a hack, I think United was trying to re-vamp the “friendly skies” image.
Pilot: I am flying the plane
Pilot: I am landing the plane.
Pilot: I am getting off the plane and going to the men’s room.
What’s the point of being on “Twitter” anyway? . . . .beside nonsensical wasting of time.
How about devoting your efforts to making the airline efficient and profitable again?
….just a thought.
It was a very common phishing scam that happens to tons of people, not just brands, everyday. It isn’t specific to the user – no one gives the password away – it’s just a worm of phishing tactics that happens and at this point, in this specific type of scam, there is nothing you as the user can do other than hope that your followers are smart enough not to fall for this type of tweet scam anymore than they would a “I’ve got my dead husbands estate” scam via email. These phishers are very vigilant and don’t care to actually target like hackers do – they just go out and get as much as they can. You see this all day long.
Additionally, there are a ton of ways they could use Twitter better, and for monetization. We’ve worked with two airlines on Twitter and social networking and there are indeed ways to see monetary value if you think in terms of efficiency, cost of information share among other media, and the like.
Happy to share case studies if anyone wants to email me.
Amanda Vega
http://www.amandavega.com
@Reality: Your comment shows you obviously have *no* idea how Twitter is actually used, as well as your shortsightedness in marketing a company/service.
Furthermore, I can’t see how managing social media outlets could possibly be derailing a $20 billion/yr company to the point where they cannot “devote their efforts to make the airline efficient and profitable”. It costs them – what? $5,000/yr in extra salary to a desk jockey who Tweets/Facebooks?
Clueless *and* cynical is a deadly combination, my friend.
@Reality: Your comment shows you obviously have *no* idea how Twitter is actually used, as well as your shortsightedness in marketing a company/service.
Furthermore, I can’t see how managing social media outlets could possibly be derailing a $20 billion/yr company to the point where they cannot “devote their efforts to make the airline efficient and profitable”. It costs them – what? $5,000/yr in extra salary to a desk jockey who Tweets/Facebooks?
Clueless and cynical is a deadly combination, my friend.