Twitter has the jitters after AP account hacked

Twitter plans to bolster security on its site after the account of The Associated Press news service was hacked and an erroneous post triggered a stock market decline, according to a person familiar with the matter.
The feature is known as two-step authentication, which can make it harder for outsiders to gain access to an account, said the person, who declined to be identified. In addition to a password, the security measure usually requires a code sent as a text message to a user’s mobile phone, or generated on a device or software.
Twitter’s defense against hacks involving the theft of passwords came under scrutiny this week after a hacker sent a false post about explosions at the White House, triggering a drop in the Standard & Poor’s 500 Index that wiped out $136 billion in market value. The attack came the same month the U.S. Securities and Exchange Commission said companies can use social-media sites to share market-sensitive news. It also threatened to complicate efforts by Chief Executive Officer Dick Costolo to establish the service as a viable business ahead of a possible initial public offering.
“The account that got compromised is the big difference here, as opposed to the traditional impersonating-a-celebrity to say something shocking,” said Wade Williamson, a senior security analyst at Palo Alto Networks, a provider of network-protection tools.
The attack doesn’t appear to be particularly technically sophisticated and is probably an example of an account hijacking involving the theft of the AP account user’s password, Williamson said.
As people put more private information online, Apple, Google, Facebook and eBay’s PayPal have introduced similar security tools. Wired reporter Mat Honan, who had some online accounts hacked, earlier reported on Twitter’s plans to introduce two-step authentication.
The AP restored the Twitter account this morning after it was suspended on Wednesday pending a security review.
The incident follows a week when social media played a prominent role after the Boston Marathon bombing, as Twitter postings and other updates contributed to the rapid spread of information. While some fanned rumors via Twitter, other posts were viewed as more reliable than traditional media. Investors should take steps to verify information even when it comes from seemingly trusted sources, according to Susan Etlinger, an industry analyst at San Mateo, California-based Altimeter Group.
“This is absolutely a danger of social media,” Etlinger said. “It doesn’t mean we need to throw out social media entirely; it just means we need much better methods for fact-checking and authentication.”
The false information from the AP account, which also said President Barack Obama had been injured, came after repeated attempts by hackers to gain access to AP reporters’ passwords, the news agency said. The AP said it was working to fix the vulnerability.
The news agency is the latest victim in a series of hacking cases against news outlets, including the Twitter accounts of CBS News’ “60 Minutes.”
Common tactics that hackers use to gain access to company accounts or user passwords include spear phishing attacks, in which someone is duped into installing malicious code onto their computers or mobile devices, and malware hidden on websites, according to Eric Fiterman, a former FBI agent who recently founded the Washington-based cybersecurity company Spotkick.
Bogus Twitter feeds can damage the reputation of a business and possibly expose a company to lawsuits, said Nick Economidis, an underwriter with Beazley, a financial services company in London that sells data-breach insurance.

Bloomberg