Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsSecurity Enterprise ServicesSecurity Education & Training

Facing the Risks of Social Media Account Takeovers

Social media is playing an increasingly important role in global business marketing strategies – and for good reason.

By John Worrall
Social Media security risks
Social Media security risks

John Worrall

Social Media security risks
Social Media security risks
September 1, 2014

Social media is playing an increasingly important role in global business marketing strategies – and for good reason. Social media has helped build international brand awareness, provide a new level of customer support and launch new products and ideas quicker than ever before.

However, as quickly as social media can build a global brand, it can tear one down at the hands of malicious insiders or hackers. And there’s money in it too. A recent report from Rand Research suggests that stolen Twitter accounts are now worth more than stolen credit cards. As cybercriminals become more sophisticated, they are also becoming more adept at stealing social media credentials and taking over accounts. We witnessed this from the hacks of several global organizations over the last year. For businesses, account takeovers can lead to the unauthorized publishing of confidential information, such as intellectual property, legal, regulatory and compliance violations, disclosure of personal data and identity theft.  The results can produce lasting, compromised brand reputations and significant financial losses.

With more frequent attacks of this nature, it’s time for organizations to take a closer look at how they manage their social media accounts. The thought that “it won’t happen to me or my business” will cost everyone in the long run. It’s imperative that we take measures now to prevent hackers – as well as disgruntled employees or associates – from hijacking accounts and posting damaging content.

 

Social Media Hacks Are on the Rise

When a corporate social media account is compromised, unauthorized content can be viewed by millions of people across the world within seconds, causing untold damage.

For instance, in April of 2013, hackers (supposedly from the Syrian Electronic Army) accessed both the Associated Press’ (AP)and FIFA World Cup’s Twitter accounts. A single tweet from the APTwitter handle resulted in a $136.5 billion drop in the S&P 500 index’s value in minutes. The AP was able to trace the attack to one of its employees that may have inadvertently given away company passwords in a phishing scheme by hackers. For FIFA, they suffered diminished organization reputation over a tweet that suggested the decision to award Qatar the 2022 World Cup had been a result of monetary exchanges.

Burger King’s Twitter account was also targeted and compromised earlier in the year. During the hack, the company’s account was made to look like McDonald’s with a post that said Burger King had been sold to McDonald’s. This attack served as a wakeup call for all organizations that hackers are on the prowl for access into social media accounts. In fact, a day after the Burger King incident, a similar attack – possibly by the same group behind the food chain’s attack – occurred on the official Twitter page for Jeep, citing that the company was sold to Cadillac.

These hacks were caused by external groups, but there can be equally damaging incidents caused by people inside an organization that at one point were given authorized access to a company’s social media accounts. This happened to HMV, an entertainment retailer based in the UK, after the company let go of a large number of employees. One disgruntled laid-off employee, who was formerly HMV’s social media manager, took advantage of her access to the company’s Twitter account before officials realized she still had access. Her unauthorized post called attention to what she labeled as the company’s “mass execution of loyal employees who love the brand.”

 

The Overlooked Threat: Shared Privileged Accounts

It is easy for hackers to hijack global social media accounts because of the sheer volume of accounts of this type and the large number of people managing them. Enterprises have hundreds of social media accounts on Twitter, Facebook, YouTube, LinkedIn and other outlets with unique accounts for different product lines, languages, countries and stakeholders (such as consumers, partners and stockholders).

These accounts are typically set up as shared privileged accounts, meaning teams of people throughout an organization, distributed across the world, can post information to these accounts on a daily, hourly or even more frequent basis. The passwords for these are often shared among the teams, making them easy targets for hackers and malicious insiders.  In addition, there is no record or accountability for each individual’s posts, leading to further challenges in securing and managing social media accounts.

Because people posting on social media accounts don’t typically have access to financial or customer information that is traditionally deemed of high value, the security on these accounts is often lax, with little management and control of the passwords. Companies may not know who has access to their social media accounts or the passwords on the accounts. To make matters worse, the same password is frequently used across multiple accounts, and the passwords are rarely changed.

Lax security opens the door for rogue current or past employees (as seen in the HMV example) or social media agency members that are disgruntled. As hackers become more sophisticated and more organized they can essentially compromise any system that is lacking proper security. Hackers use multiple methods of intrusion including dictionary attacks, social engineering, software or social media applications. For instance, the use of Twitter and Facebook accounts can introduce additional risks, as these platforms may provide hackers with access to valuable data such as passwords, APIs or other sensitive information.

           

Mitigate the Risk of Social Media Breaches

Social Media Management Systems are often adopted by organizations to manage social media accounts, however these solutions are built as management tools, forgoing the necessary security measures on privileged user access.  These solutions leave organizations vulnerable due to the continued use of static passwords and multiple users. In order to properly secure and protect social media accounts, they should be viewed as privileged accounts, and best practices for privileged account security must be employed to mitigate the risk of compromise. 

The following preventative measures must be adopted to secure social media account access and protect an organization’s brand.

Securely store credentials: Protect social media credentials from being stolen by storing passwords for the accounts in a secure place. This will reduce the ability of hacker organizations to take over social media accounts.

Enable transparent access:  Allow authorized users to seamlessly authenticate to the account without knowing their passwords, making it difficult for hackers to discover and steal credentials.  Utilizing an agent-less technology securely exchanges passwords without requiring an agent on the cloud applications.

Eliminate shared credentials: Storing passwords in a digital vault requires users to log in individually for access, eliminating the accountability challenges of shared credentials.

Automate and enforce password changes: Ensure that each password is changed on a regular basis.  Passwords can be changed as frequently as after every use. Regularly updating passwords reduces the chance of an outsider stealing and using a valid credential.

Trace account activity: Create a record of activity on social media accounts to trace all posts directly back to an individual authorized user.  This helps identify weak areas of security and identifies rogue employees that may be posting damaging content.

Record social media administrator sessions: Record social media account administrator sessions to provide further proof and an audit trail of exactly who did what within an account.

The threat to global organizations and social media is real, it’s evolving, and the risk is increasing. Preventing account takeovers through shared privileged accounts is imperative and necessary. Privileged Account Security solutions play a critical role in protecting access to social media accounts thereby preventing embarrassing incidents that can result in brand damage. 

 

About the Author: John Worrall is the Chief Marketing Officer at CyberArk, responsible for the company’s global marketing efforts including product marketing, branding, corporate communications and all lead generation activities including the inbound, channels and field marketing. 

 

 

KEYWORDS: brand security reputational risks security risk management social media risk social media security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • social media app

    Social media account takeovers increased over 1000% in 2021

    See More
  • socialmedia

    Manage the Risks of Social Media to Reap Business Benefits

    See More
  • keyboard pieces underneath key lock

    Social media was 72% of non-government or financial account abuse

    See More

Related Products

See More Products
  • Whitepaper-Social-Media-3.gif

    Optimizing Social Media from a B2B Perspective

  • 9781138378339.jpg

    Surveillance, Crime and Social Control

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing