On President’s Day, Burger King marketers woke up to a nightmare.
The company’s branded-Twitter account had been hacked. BK’s reputation was, well, a joke. And by the time the company regained control, most of the internet was laughing.
If they had been bankers, it would have been worse.
Potential regulatory issues; Bank customer losses as a result of social engineering attacks (tricking customers to hand over their passwords and usernames over Direct Message); Perhaps, even, an overall drop in what community bankers count on the most, loyalty.
From an inspired analysis from Reuters ( by Joseph Menn, you should really read it):
Those on the front lines say it isn’t all about protecting U.S. government and corporate networks from a single sudden attack. They report fending off many intrusions at once from perhaps dozens of countries, plus well-funded electronic guerrillas and skilled criminals.
Security officers and their consultants say they are overwhelmed. The attacks are not only from China, which Washington has long accused of spying on U.S. companies, many emanate from Russia, Eastern Europe, the Middle East, and Western countries. Perpetrators range from elite military units to organized criminal rings to activist teenagers.
The fact that Twitter has acknowledged that it needs to beef up its security, alone, should scare executives. It’s a signal that perhaps financial services outfits shouldn’t have been so quick to jump into bed with the social networks — trusting their reputations with third-parties.
Yet, they undeniably have.
Bank of America. Chase. BBVA. [Insert your bank’s name here]. Most of all American Express, which is trusting its customer’s transactions with Twitter through its recently rolled-out Sync service (albeit securely with extra authentication built-in, an executive assured me this week).
Still, Chirpify chief executive Chris Teso makes a good point, when he says:
In the upcoming week, I’m curious about:
What are the real risks with trusting your brand to Twitter?
What are the worst outcomes of a hijacked account?
And what are banker’s plans to hedge against such attacks, if they should happen?