On 23 April 2013 the Twitter account of the Associated Press (AP) news agency was hacked and subsequently sent out a hoax tweet reporting that President Barack Obama had been injured in an explosion in the White House. Within seconds, Wall Street was in panic mode and US stocks plummeted.
When a Twitter account is hacked, the public normally thinks it's the result of some highly sophisticated attack perpetrated with complex programs and all sorts of stealth systems only accessible to some privileged minds... Well, in reality, things are usually much simpler. In most cases, the so-called "hacker" simply guesses their victim's password. The most complex attacks are actually those where the attacker tricks the user into re-entering their credentials in some system, unaware that they are in fact submitting their data to a cyber-criminal (which was exactly what happened in the AP Twitter hack).
Two months ago, Burger King's Twitter account was also hacked. Its background picture was changed to a McDonald's image, and a message was posted announcing that the company had been sold to its rival.
The AP attack might look like an isolated incident, but unfortunately such attacks are fairly common. In fact, the group behind the hack, the self-proclaimed "Syrian Electronic Army", also hacked the Twitter accounts of the watchdog organisation Human Rights Watch, the French news service France 24, and the BBC's weather service.
But it's not only Twitter accounts that are at risk. Many of us still remember the theft of a series of compromising photos from Scarlett Johansson's cell phone, for example. Preliminary investigation seemed to indicate that a hacker had been able to launch a cyber-attack on the actress's cell phone, accessing her personal information. Later, however, it emerged that the 'hacker' was simply someone with a penchant for hacking into celebrities' accounts who had been able to guess the star's email password.
Panda Security offers some simple tips on social media passwords to help protect against this type of attack: