McDonald’s said its main Twitter account was hacked Thursday morning, resulting in an insulting tweet directed at President Donald Trump.
A tweet posted after 8 a.m. Central Time Thursday on McDonald’s main account, @McDonaldsCorp, called out the president, calling him a “disgusting excuse of a President” along with a judgment of his hand size.
The tweet, which has since been removed, was online for about 20 minutes. It was pinned to the top of McDonald’s Twitter feed for a period of time.
About an hour later, McDonald’s said in a tweet that Twitter had informed the fast-food giant that its account had been compromised.
Terri Hickey, a McDonald’s spokeswoman, said the Twitter account was hacked.
“Based on our investigation, we have determined that our Twitter account was hacked by an external source. We took swift action to secure it, and we apologize this tweet was sent through our corporate McDonald’s account,” she said.
A spokesman for Twitter said the social media site doesn’t comment on individual accounts.
Other Twitter users responded to the original McDonald’s tweet, with some joking that they would visit McDonald’s more as a result.
Kellan Terry, a senior data analyst for BrandWatch, a company that provides social media insights, said the tweet caused McDonald’s Twitter mentions to spike more than 150 percent.
About two-thirds of the mentions showing emotion were positive.
“Big Macs are starting to trend within the McDonald’s conversation as people are either saying they are buying a Big Mac today to mark the occasion, or they wonder if Trump supporters will now ‘cut Big Macs from their diet,'” Terry said.
Terry doesn’t believe the tweet will have an impact on McDonald’s beyond the next few days. But security experts say it should be a lesson to corporations to better secure their increasingly important social media presence.
“There are just so many ways, if you’re not careful, for an adversary to have access to your social media accounts,” said Michael Bailey, an associate professor of electrical and computer engineering at the University of Illinois at Urbana-Champaign. “Corporations are ripe targets because they have such a large presence on social media.”
On Wednesday, hundreds of prominent Twitter accounts — from celebrities like Justin Bieber to news organizations including Forbes — were hacked. The hackers, which are believed to have gained access through a third-party app that analyzes Twitter followers, changed the users’ background photos to one of the Turkish flag and sent out political messages in Turkish.
Jack Koziol, president and founder of InfoSec Institute, an Elmwood Park-based information security training company, said Twitter account hacks like the McDonald’s incident primarily are done through “phishing scams” where the hacker figures out who owns the corporate Twitter account through public information (a LinkedIn profile, for example) and then sends a password reset email to the person. If that person clicks on the email, he or she can inadvertently give a password, and therefore access, to a hacker.
“The two best ways to prevent this are via two-factor authentication and education,” Koziol said in an email. Two-factor authentication can be set up by any account, corporate or personal, and requires a verification code sent to a phone number, in addition to a password, to log on. Education, he said, includes being knowledgeable and diligent about how to keep your personal information and your social media accounts safe.
“We don’t walk around holding cash in our hand in a dark alley, we need to be smarter online as well,” he said.
Ally Marotti contributed.
sbomkamp@chicagotribune.com
Twitter @SamWillTravel
