PR professionals representing the country’s largest public figures are likely having a rough week after a wave of cyberattacks on Twitter.
Around 4:00 p.m. Eastern on July 16, tweets from celebrities including Kim Kardashian West, Joe Biden, Bill Gates and others started rolling in, asking Twitter users for Bitcoin donations in service of “giving back to the community.” These celebs would double donations to the unnamed “community” cause, the tweets read. All told, hackers made off with nearly $120,000, The Verge reported.
Twitter responded by locking the hacked accounts, which had follower counts in the millions. In addition to the big names above, the Twitter profiles of Barack Obama, Elon Musk, Warren Buffett and Kanye West were all subject to the cyberattack. Brands targeted included Uber and Apple.
Some of those responsible for the cyberattack spoke to Vice tech publication Motherboard under condition of anonymity, claiming that the call had come from inside the house: A Twitter employee had been paid off to provide access to a tool that, among other privileges, could change the email address of a given account. A Twitter spokesperson told the publication that the platform has not yet confirmed whether the employee hijacked the accounts themselves or gave hackers access to the tool.
While Twitter is likely to receive a lashing from the press and on its own platform for the leak—as well as a potential federal inquiry—one can hardly accuse the company of under-communicating during the crisis. The platform shared real-time updates as it took unprecedented steps to address the leak, including temporarily locking verified accounts. However, as The Verge’s Nick Statt points out, the platform took over an hour to issue a response, which feels much longer when weighed against the lightning speed of social media chatter.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
— Twitter Support (@TwitterSupport) July 16, 2020
Timing aside, Twitter was transparent as to the steps it was taking to address the problem, and why it was taking those steps—an important step in a social media crisis.
Many communicators will recognize this as a PR best practice. As Kristin Johnson, VP of communications and content at social media monitoring firm Sprout Social, puts it: “When a crisis hits, the most important thing brands can do is address the issue directly, own up to their mistakes and showcase how they will change.”
The breach should serve as an important reminder for PR pros to prepare a crisis plan related to cybersecurity, whether they are overseeing messaging for social media accounts of celebrities and household name brands, or managing the social media presence of executives from companies that might be lesser known to the general public.
Henry Ajder is the head of threat intelligence at Deeptrace, a company that tracks manipulated media (deepfakes) across the web. He notes that cyberattacks are particularly harmful to the reputations of companies in the technology industry, which are “built upon a public perception of technological prowess or having highly secure business operations.” In addition, Ajder warns, cyberattacks impersonating an executive can have wider ramifications for stock prices, HR recruitment efforts and brand reputation among consumers and investors.
Following this debacle, PR pros may want to take advantage of a renewed sense of urgency to gain buy-in from their senior leadership for resources toward a cybersecurity communications response. The evidence that every company in existence can be impacted is irrefutable: Over a decade ago, a much-quoted University of Maryland study found that on average, hackers attempt a breach every 39 seconds. IBM found in 2019 that the average time to detect a breach is 206 days, meaning that most tech departments and PR pros won’t be able to issue a response until long after the damage has been done.
A final reminder: Change your passwords frequently (and include reminders in your internal communications cadence). Use a password manager like LastPass to craft hard-to-crack letter and symbol combinations, and whatever you do, don’t be this guy.
Follow Sophie: @SophieMaerowitz