The Twitter account for the Associated Press was hacked on Tuesday and erroneously sent out a tweet saying there had been explosions at the White House, injuring President Obama.
Within a few minutes, Twitter suspended the account and Julie Pace, the chief White House correspondent for the A.P. announced at the White House briefing that the account had been hacked.
Jay Carney, Mr. Obama’s press secretary, confirmed that the president was unharmed.
Editors at the A.P. soon followed with a statement saying that “The (at)AP twitter account has been hacked. The tweet about an attack at the White House is false. We will advise more as soon as possible.â€
The Dow Jones Industrial Average plummeted more than 130 points when the news broke on Twitter â€" an indicator of traders’ presence on the social media platform â€" before immediately recouping the losses after it became clear that there had been no incident at the White House.
The A.P. typically uses Social Flow, a social media tool, to distribute tweets. But in this case, the attackers tweeted directly from the Web, according to the meta data associated with the Tweet.
In the past few days, the A.P. discovered that malware had infected some of its company computers, according to an AP spokeswoman. Hackers can use malware to gain a foothold inside a company’s computer network and from there, can gain access to a company’s usernames and passwords to e-mail, administrative and social media accounts.
This is the third high-profile account to be hacked in recent months. In February, Burger King’s Twitter account was hacked, the company’s logo was replaced by a McDonald’s logo and rogue announcements began to appear. A day later the Twitter account for Jeep was also attacked.
But the attackers used the A.P.’s Twitter account for more nefarious means. Within seconds, the erroneous A.P. headline about explosions at the White House had spread all over Twitter and been retweeted hundreds of times.
The incident, and hacking episodes before it, continue to raise questions about the security of social media passwords and the ease of access to brand-name accounts. Logging on to Twitter is the same process for a company as it is for a consumer, requiring just a user name and one password.
Twitter has tried to take an active role in ridding malicious content from its platform. It has manual and automatic controls in place to identify malicious content and fake accounts, and last year the company sued those responsible for five of the most-used spamming tools on the site.
But preventing hacking and identifying fake accounts continues to be more art than science. Security researchers estimate that as many as 20 million Twitter accounts on the platform are fakes, and real accounts continue to be catnip for hackers.
