The Associated Press Twitter account was hacked and a false tweet informing followers of a bombing attempt at the White House was posted on The APâ€™s behalf. The attack was claimed by the Syrian Electronic Army.
Saying President Obama was hurt during the incident, the tweet caused a seven-minute stock price plunge that recovered after The AP reported the hack and confirmed the tweet was bogus.
“The @AP Twitter account has been suspended after it was hacked,” confirmed an unaffected Twitter account belonging to The AP. “The tweet about an attack on the White House was false.”
While the Dow Jones Industrial Average dropped 150 points, business news site Quarts explains that someone â€“ possibly the Syrian Electronic Army hacking group – could have profited by quickly purchasing stocks at the lower price.
â€œAnd imagine if whoever hacked the A.P.â€™s Twitter account intended to profit from it,â€ said Quarts. â€œHe, sheâ€”or, as it currently appears, the Syrian Electronic Armyâ€”could have shorted an index fund, or bet that it would fall, then quickly purchased stocks before the rest of the world realized what happened.â€
The attack comes after a series of other Twitter account hacks. McDonalds faced a similar situation in early February when hateful, obscene and false messages were posted by an authorized party via the fast-food chainâ€™s Twitter account.
About 250,000 users earlier had their passwords stolen due to a Twitter hack. Even after they urged an immediate password change, apps using Twitterâ€™s API allowed access to the services without asking users to input the new password.
Although Twitter has not yet introduced two-factor authentication, Mark Risher, co-founder of Imperium, a start-up that aims to help social networks, Â believes it would still not be enough to avoid such attempts as there are more than one way to steal user credentials.
â€œIn the case of a phishing message, two-factor authentication would not eliminate the problem,â€ said Risher. â€œThere are ways to circumvent this. I could create a fake Web page for Twitter and ask you to enter your user credentials.â€
Investigations into how attackers managed to get control over The APâ€™s Twitter account are still underway. An employee who was not authorized to speak for the organization said it could have been a phishing campaign spread via the news organizationâ€™s email network.