Twitter Security

It’s not talked about often, but security should be a major focus of your social media strategy. From confidential data to the uniqueness of passwords, every element of your social accounts needs to be protected from hackers, scams, and phishing.

Chipotle is the latest brand to have its Twitter account hacked. This past weekend, hackers posted expletive-laden tweets with racist and homophobic slurs while changing the company’s profile photo to a swastika.

Fortunately, many of Chipotle’s 623,000 followers recognized this as the work of hackers and seemed to sympathize with the brand.

Although the breach was short-lived, this is far from the first time that a major brand has had its Twitter account hacked. In 2013, Burger King and Jeep both had their accounts compromised over a 24-hour period. More recently, some accounts of the New York Post and UPI were briefly hacked with posts containing false economic and military news. Just a few weeks ago, pop star Taylor Swift’s Twitter account was also hacked.

How to React to a Twitter Attack

What you do after being hacked depends on two things: whether you can gain control of your account and what crisis communications plan your business has in place. Below are a few steps to help you react appropriately.

Try Resetting First

If your account has been hacked and you’re unable to log in, request a password reset immediately. Look for the reset email at the address associated with your Twitter account. If you’re still unable to login after the reset, secure your account again by submitting a support request.

Select “hacked account” from the list of options, and be sure to use the email address you associate with the hacked Twitter account. Additional information and instructions will be sent to that email address. You’ll also need to include both your username and the date you last had access to your account.

If you’re able to login, immediately change your password and make sure that the email address associated with your account is secure. If necessary, you may need to change your email address or update its password. Also, while logged in, visit apps in your settings and revoke access for any third-party app that you don’t recognize.

Respond Where You Can

If you’re unable to regain control of your account, find another outlet where you can update your fans or customers about why your Twitter account is unavailable. Taylor Swift took to Tumblr. “My Twitter got hacked, but don’t worry, Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords,” she explained.

Set the Record Straight

Chipotle got ahead of the media storm by taking action early. After regaining control, the brand tweeted an apology to its followers first thing Sunday morning, allaying any further confusion.    

Always Communicate Openly

Chipotle Communications Director Chris Arnold let customers know that an investigation was underway, showing that the brand takes the matter seriously and wants to be transparent about its next steps.

Have the Last Laugh

It’s critical to get in front of the attack so that your message, rather than the hackers’, can become the focus. When Swift returned to Twitter just two hours later, she used humor neutralize the situation.

How to Prevent a Twitter Attack

Offense remains the best defense. To keep your account safe from hackers, use a strong and unique password. Twitter has wisely highlighted a few tips, which can be applied to most passwords regardless of platform.

Password Dos:

  • Create unique passwords at least 10 characters long (the longer, the better).
  • Use a mix of uppercase letters, lowercase letters, numbers, and symbols.
  • Use a different password for each website you visit.
  • Keep your password in a safe place.

Password Don’ts:

  • Use personal information in your password, such as phone numbers, birthdays, etc.
  • Use common words, such as “password.”
  • Use sequences, such as “abcd1234,” or keyboard sequences, such as “qwerty.”
  • Reuse passwords across websites — your Twitter password should be unique to Twitter.

You also might consider protecting your Twitter account with login verification, a form of two-factor authentication. You’ll be asked to register a verified phone number and a confirmed email address. To get started, visit your account settings page and select “require a verification code when I sign in.”

Last, but not least, practice safe tweeting habits:

  • Don’t click on weird links in DMs.
  • Before logging in, always check that you’re on
  • Never provide your password via email, DM, or @reply — Twitter will never ask you to.

For more information about keeping your Twitter account secure, check out the company’s safe tweeting article.