On Monday (2/18/13), fast food giant Burger King’s official Twitter account was hacked. Though the hackers retained the @BurgerKing handle, that’s about all they left untouched. The name was changed to their biggest rival – McDonald’s – with golden arches replacing the Burger King logo as the main image and a picture of McDonald’s latest menu item, Fish McBites, used as the header photo. Additionally, in the description, the hackers exclaimed, “Just got sold to McDonald’s because the whopper flopped =[ FREEDOM IS FAILURE,” and linked to McDonalds.com.
The hackers then tweeted inappropriate messages to all of Burger King’s followers, as well as at individual users. One such tweet aimed at an individual follower stated, “If I catch you at wendys, we’re fightin! DM me.” This went on for an hour and fifteen minutes until the account was suspended. Though over 30,000 additional Twitter users followed the home of the Whopper during this time to watch the drama unfold, the hack has no doubt hurt the company’s reputation and annoyed original followers.
Preventing Hacker Damage
It is rumored that infamous hacker group Anonymous was responsible for the hack due to several tweets from an anonymous account, including, “The King has been dethroned…” Though it’s unlikely that large social activist groups like Anonymous will hijack the websites or social media of small to medium sized businesses that does not mean that they are safe from hacking.
Just using a password is not enough; there are several guidelines that should be followed to ensure safe and secure passwords. Make sure you are NOT using the same password for everything. Your email, your social media pages, and your website admin password should all be unique. While you may use a variation on the same idea, make sure that they are distinctive enough to prevent them from being easily guessed.
Ensure that your admin password strength is set to strong in your CMS. This requires each admin of your site to create a longer password with a variety of uppercase and lowercase letters, numbers and symbols. While creating – and remembering – these passwords is a nuisance, it’s a small price to pay for your security. Should any of your employees leave your company, make sure you remove their access ASAP. We’re not saying that they are untrustworthy, but it’s always better to be safe than sorry. Finally, change you passwords frequently. Set a reminder in your calendar to change your passwords every three months.
Spot Check Frequently
Monitoring your website, including spot checking for inconsistencies, reviewing your Google Webmaster report, and logging-in to your Google Analytics on a regular basis will reveal any weak points or incidents of hacking. Develop a routine, performing these checks each week, and soon it will become second nature. You’ll know how things are supposed to look at glance and you’ll quickly notice if anything is out of place. Additionally, take a few minutes to check your social media profiles each day, even if you have scheduled your posts in advance. Aside from giving you a chance to take note of and respond to any comments or messages, you won’t know if anything is wrong if you don’t check.
Back It Up
Backing your site up won’t ward off hackers, but it will minimize the amount of damage they can do if you catch them early enough with your spot check. Ensuring that your data and content are safely backed-up saves you time. Remember if you have a back-up it can be restored by your web team.
Minimizing the Impact
What if, despite your best preventative measures, you are hacked? How do you minimize the impact? Aside from rectifying the situation, first and foremost, you should notify your customers. Depending on what you have access to, this could mean sending a mass email, using social media, or making personal phone calls.
Once everything is reinstated, graciously acknowledge and apologize for what has happened. When Burger King regained control of their Twitter account, they tweeted, “Interesting day here at BURGER KING, but we’re back! Welcome to our new followers. Hope you all stick around!” in an attempt to make light of the situation. They also issued an apology for the hack, using it as an opportunity to say sorry to fans and followers and explain what the company did to rectify the situation.
When it comes to hacking, an ounce of prevention is worth a pound of cure. Take precaution with your passwords and spot check your website and social media frequently. If you notice anything fishy, take action immediately. Luckily for Burger King, the hack only lasted for an hour and fifteen minutes, but the damage could have been much greater had they not been vigilant.