AP Twitter Hack Preceded By A Phishing Attempt, News Org Says

The AP Twitter hack which sent the stock market briefly crashing was caused by a phishing attack, according to the AP. The news organization now says the attack on Twitter was “preceded by a phishing attempt on AP’s corporate network.”

The Twitter attack, which has now become another high-profile example of why Twitter may serve as a breaking news outlet, but not a trustworthy one, came less than an hour after AP staff received “an impressively disguised phishing email” – at least, according to AP reporter Mike Baker, who shared this detail on Twitter. His account does not appear to be hacked, though we’ve asked both Baker and AP to confirm that fact, as well as the context of his tweets. (More to come Update: Although the AP confirmed the Twitter hack was preceded by a phishing attempt, an AP spokesperson declined to confirm Baker’s time frame of “less than an hour,” saying the AP had nothing further to add at this time.)

While the tweet referencing an attack on the White House drew the most attention, it was not the only AP account to have been compromised today.

More hacked tweets from a different AP account (@AP_Mobile) reference Syria, for example:



The politicized nature of these tweets may give authorities investigating the hack a lead. The Syrian Electronic Army took credit for the attack, it seems. (See second screenshot, above). That Twitter account points to a website syrianelectornicarmy.com, which details its cyber attacks, notes the New York Times.

As a precaution, tweeting has been suspended from  @AP_Politics and @AP_Courtside, the news organization says. Until AP can vouch for the security of its systems, it’s asking readers and followers to not respond to any news these accounts may post.

The high-profile nature of the posts the AP account made today has brought attention to what would have otherwise been a run-of-the-mill “Twitter account compromised” kind of story, which, as Twitter gains in popularity, are now increasingly common. (Burger King and McDonald’s being recent examples of that.) However, as the resulting impact to financial markets showed, a need for news organizations to strengthen their own internal security measures may be called for.

Twitter, too, also still needs to think about offering additional protection to users – like two-factor authentication, which Google, Microsoft, Apple, Facebook and other tech companies already support. The company has previously said it was “exploring” this possibility.

For starters, like many other businesses today, they may need to educate reporters and other staffers on the dangers of opening and clicking on links contained in phishing emails.

In March, for example, the BBC’s Twitter also came under attack from hackers who appeared to be sympathizers of Syrian President Bashar Assad. The hackers took control of several BBC accounts to post political and anti-Semitic messages.

These attacks mirrored today’s in terms of how the hackers initially gained access to Twitter accounts, it’s worth noting – the BBC said that phishing emails were being sent around their organization prior to the accounts becoming compromised. Details of those emails, ironically, were reported on by the AP who had obtained a copy of the internal missives.

No official word yet on whether or how these two incidents may be related, though the BBC Twitter account also referenced the involvement of  the “Syrian Electronic Army” in its hacked tweets. This group also claimed responsibility for hacks at NPR and CBS in recent weeks.

Julie Pace, the chief White House correspondent for the AP, announced at a White House briefing that the account had been hacked, as did the New York Times, which also reported that the president is safe and unharmed.

Today’s AP posts looked suspicious because the AP Twitter account normally posts messages using a social media tool known as Social Flow, and the erroneous tweets were sent from the web.

Also, as many on Twitter have now quipped: these hacks were obvious because they broke AP Style.

Update: Details regarding the phishing emails have now emerged. News watchdog site Romenesko has acquired by the phishing email itself, as well as a subsequent warning from the AP’s Information Security department to its staffers. Via Romenesko, here are the emails:

From: Associated Press Technology
Tue 4/23/2013 12:29 PM

All Staff –

Some users are receiving emails that appear to have a link to a Reuters or Washington Post news story. This email is a phishing attempt that takes users to a bogus site requesting you to log on. Users are advised not click to click on the link and not to enter their logon credentials. If you have already clicked on the link, or entered your logon credentials, please contact the help desk immediately.

Mark House
Information Security
The Associated Press
Office: 609.860.7233

This is the phishing email:

Sent: Tue 4/23/2013 12:12 PM
From: [An AP staffer]
Subject: News


Please read the following article, it’s very important :


[A different AP staffer]
Associated Press
San Diego
mobile [removed]

This story is being refreshed.