Australia's Leading Digital Marketing Experts. T. 1300 235 433  |  Aggregation Enquires Welcome

Example Interest Rates: Home Loan Variable: 1.89% (1.9%*) • Home Loan Fixed: 1.84% (2.11%*) • Fixed: 1.84% (2.11%*) • Variable: 1.89% (1.9%*) • Investment IO: 2.05% (4.36%*) • Investment PI: 1.58% (2.72%*)

The Day United Airlines Twitter Was Hijacked

The Day United Airlines Twitter Was Hijacked

There are a number of risks associated with using third party applications to manage online relationships with customers. We discussed the risks associated with short URL services recently, but that one topic doesn't come close to articulating the potential dangers of using multiple social (and other) platforms to manage data and/or relationships. Short URL services, unlike the likes of Twitter or Facebook, are not social services - despite the fact that they're often highly utilized or integrated with social applications. Short URL services are a standalone application that airlines can take complete control of themselves and, at the same time, the proprietary system will enhance their brand awareness, it will increase safety and security, and it enables them to take full control over sensitive marketing data - all under the jurisdiction of their own in-house privacy policy.

When an airline engages in third party social applications - most notably Facebook and Twitter - they surrender a huge amount of control over to the applications without the privilege of auditing their security, or indeed the luxury of making suggestions for modifications that best suit the airline social agenda. Engaging in these applications is of course the lesser of two evils, since refraining from that measure of engagement with their audience is a serious blow to their brand exposure.

United Airlines found out the hard way that somebody may use their established and respected brand for unlawful purposes. Hackers gained access to the United Airlines twitter account last Friday and used an opaque truncated URL (third party of course) to direct 60-odd-thousand users to a site that potentially could have taken advantage of browser vulnerabilities, or perhaps encouraged users to surrender personal details. In this instance, the nature of the message was worded in such a way that identified it as an unauthorized tweet, but what would have happened if the hackers had of said "70% of all airfares for the next 30 minutes"? How many users would have followed that link? The actual tweet directed users to a web page selling a male 'enhancement' product. This rules the pilots out of the suspect pool, of course, since they don't use such things. Cabin crew? Perhaps.

United twitter apology

From personal experience, I'm seen some airlines use simple (and often generic) passwords so multiple stakeholders can log into the same account with ease. Remember, Twitter is usually managed by the often IT illiterate marketing staff so their security awareness is often somewhat questionable. A good password uses up the maximum permissible characters allowed and includes a random combination of alphanumeric characters and symbols. Many online twitter applications allow an account to be assigned to particular users... but this will potentially multiply the number of access points that can be hacked to gain control over an account. Using an in-house API driven application can reduce the risks, but this may also limited the level of functionality- unless purpose built software is made.

Will a Hacked Tweet Affect Your Brand?

When you tweet a message or URL on Twitter, the customer is visiting that link on your advice - not unlike a spoken recommendation. A poor choice of link won't necessarily reflect poorly on the destination page, but you will be personally blamed for your poor judgment, and an airline brand could potentially be damaged.

The United Airlines hack didn't necessarily reflect poorly on United since it was so clearly an unauthorised message (although I'm sure there are plenty of people who followed the link out of naivety, neglect or curiosity). However, if it were established that it was carelessness in United's own security that facilitated the breach, it's possible that they might be accountable.

How to Respond to a Hack or Unauthorised Tweet

What did United Airlines do? They deleted the offending message 1 hour and 6 minutes after it was posted (quite a long time). They simply tweeted a quick apology and thanked those that brought it to their attention. Damage undone, really. Be quick to delete the offending data, be apologetic to all your users, and be thankful to those that reported it..

United twitter apology


One the same day of the United incident, I got a direct (Twitter) message from our friends at, @FlyingBrussels directing me to website that was sexual in nature.

Brussels Hacked

... and then the apology:

Brussels Apology

Download our 650-page guide on Finance Marketing. We'll show you exactly how we generate Billions in volume for our clients.

  AUS Eastern Standard Time (Washington)

  Want to have a chat?


Like this article?

Share on facebook
Share on Facebook
Share on twitter
Share on Twitter
Share on linkedin
Share on Linkdin
Share on pinterest
Share on Pinterest

Leave a comment