Today Anonymous is claiming responsibility for hacking Burger King’s Twitter account, disparaging the brand’s feed, products, and even posting photos of their top competitor as their logo, background image and fake product integrations (e.g. McDonald’s Whopper).

The real question isn’t “How did this happen?”, the question is “Why did this happen?”. As a former “big agency” guy, I’ll tell you exactly how it happened.

1. Social media team is hired.

2. Social media team creates spreadsheet for accounts they manage.

3. Social media team doesn’t want the brand’s Twitter account connected to their work email account, so they set up a Gmail (et al.) account.

4. Hackers try to reset the password, discover it’s tied to a third party account.

And then the fun begins.

Unfortunately, not only is that the protocol for most brands and agencies, but the basic ritual of changing the social media, web site and “other” email accounts (like service@____.com, social@____.com, etc.) doesn’t happen. Speaking from personal experience, I’ve worked for agencies that have not changed their passwords for YEARS on their accounts across client accounts, tools they’ve rented and even FTP accounts. This doesn’t even take into account what happens when someone was laid off, fired or moved on to another agency. I can only imagine, given the persuasion to relax IT standards at many companies due to the proliferation of social media sites and tools, how many corporate accounts are tied to third party services like Gmail.

For those who’ve never experienced or seen this (because I’ve seen exchanges on Twitter today where companies are now taking this into consideration): it’s absolutely NOT something new. I.T. has been trying for YEARS to win lockdowns on social media accounts, claiming ownership of them, for instances just like this.

Look for that to change in a big way. And that “We HAVE to have free rein on our machines/passwords/etc.” excuse? Burger King just killed it for you.
