Delta Airlines: Social Media Security Breach
Recently this year, Delta Airlines had their FaceBook page compromised. Instead of their normal travel related content, objectionable images were posted. An obscene link was published on the page under the title, "10 Reasons Why Girls Dont Give Bl--j—s”, and about an hour after the initial post, a second lewd link was posted. (Zhang, 2015) The company was able to remove the content within an hour and none of their other social media sites were hacked.
Luckily for the company, there have not been any severe consequences as a result of the Facebook breach. They were able to somewhat quickly remove the content from their site and publicly apologized in a timely manner. Again, apologies were posted on the Delta Airlines Twitter and Facebook sites. Judging by what I have read in several articles, it seems that followers figured out on their own that the site had been hacked and actually sympathized with the company. The event does raise the question about securing these sites, especially after US Airways had an even more offensive breach to its social media sites. The identity of the Delta hacker is still unknown despite the companies efforts to uncover the identity. (Stampler, 2015) A Delta representative was quoted as saying, “We are investigating the source of the hack and will incorporate any key lessons to strengthen our social media security measures. No other social media platforms were compromised.” (Yamanouchi, 2015)
Considering the images were removed within an hour and apologies posted, I think the company did handle the situation relatively well. I do believe Delta, and other companies, need to have teams solely dedicated to contributing to and monitoring their social media sites at all times in order to prevent similar breaches. The images could have been eliminated even faster and the site protected to a certain extent. I don’t think they necessarily needed to apologize through other media, especially because television news coverage included coverage of the company’s formal apology. Part of preventing another breach would include employee training and using the most advanced technology and networks to ensure security. They should also have some type of pre crisis plan in order to be prepared for the possibility of another event occurring. If I were part of Delta’s leadership, I would have taken the breach as an opportunity to increase the companies reputation and boost awareness. Delta could have increased their social media around travel and any community or charity activities to bring attention back to the services the company provides for customers.
Below is a simple list from Business News Daily by David Mielach (2013) to prevent security breaches along with the link to the full article:
- Train your employees: Companies should train all of their employees to use strong passwords and avoid dangerous links and emails.
- Know your data: Employees should know where confidential data is stored and be sure to have it in a secure location.
- Keep track of your devices: Companies should keep track of all the devices that employees use as a means to prevent potential data breaches.
- Protect your network: Companies need to utilize firewalls and virtual private networks to secure sensitive information.
- Secure physical devices: All electronics and physical devices should be secured and locked so that access is limited.
- Keep facilities safe: Offices and stores should be locked to keep them protected.
- Protect your website: Companies can reassure customers by using trustmarks on their website and utilizing strong anti-virus software.
- Have clear cybersecurity policies: Companies should write a clear, well-planned policy that encompasses device use and how to dispose of secure information.
- Dispose of products the right way: When devices are no longer being used, companies need to wipe all information from them and physically shred all paper documents.
- Screen employees: Companies can limit their risk by screening employees prior to hiring them.
References
Zhang, B. (2015, February 10) Delta Airlines' Facebook page was hacked by someone who posted obscene photos. Retrieved at:http://www.businessinsider.com/delta-airlines-facebook-page-got-hacked--obscene-content-posted-2015-2
Yamanouchi, K. (2015, February 10) Delta investigating hack of its Facebook page. Retrieved at:http://www.ajc.com/news/business/delta-investigating-hack-of-its-facebook-page/nj8BJ/#__federated=1
Stampler, L. (2015, February 10) Delta Airlines’ Facebook Page Got Hacked. Retrieved at:http://time.com/3703640/delta-airlines-facebook-page-got-hacked/
Mielach, D. (2013, July 1)10 Ways to Prevent a Data Security Breach. Retrieved at:http://www.businessnewsdaily.com/4714-prevent-small-business-data-breach.html
Hi Alina! Your example is a little similar to mine, both were relatively short and not across all of their platforms (unlike Joe's, which looks like all of CNN for a day).
ReplyDeleteBut based on their posts, it was someone that managed to gain access and post obscene content for kicks, versus mine and Joe's which were politically motivated.
Did they ever release a follow up on what happened? In a guess: since none of Delta's other accounts were vandalized, and since Facebook page managers are just given access to a page instead of having a dedicated password, someone's personal account was accessed by someone, they saw they were an account manager, and started posting obscene links until the account was recovered. The stupidity of the links without any real focus seems to me that it was someone who stumbled upon a "jackpot," such as it was, and had their "fun" until it was taken away.
I'm also going to guess that whoever had their account accessed was reprimanded. Heavily.
I'm not using the term "hacked" for this, since that conjures up images of '80's thriller movies with someone furiously slamming code into a computer which is the only light in a nondescript dark room. Probably in a rented out warehouse out by the docks.
Nowadays these social media page hackings are really just social engineering, or tricking people into giving you information. The best practices that Sabrina linked from McAffee give an example of the kind of trick the manager may have fell for:
"Beware of posts with subjects along the lines of, “LOL! Look at the video I found of you!” When you click the link, you get a message saying that you need to upgrade your video player in order to see the clip, but when you attempt to download the “upgrade,” the malicious page will instead install malware that tracks and steals your data" (Siciliano, 2011).
(I'll be dead honest, I clicked on a link like that once. I was half asleep, friend was an actress that I had done a production with recently, it was perfectly believable to my half asleep mind there was a video of me. And then I was filled with pure horror after I realized what I had done, and scrubbed my computer and changed every password I had for good measure. Oops.)
References
Siciliano, R. (2011, July 13). 15 Social Media Security Tips - McAfee. Retrieved February 27, 2015, from https://blogs.mcafee.com/consumer/15-social-media-security-tips
Harley,
DeleteThanks for your response. I was reading another article online about cyber security. There was a software expert talking about coaching employees to be more aware of how they are using their systems and being aware of what they click on. He mentioned that no matter how many times you tell someone not to click on the pop up or link saying that they won a free iPad, they still click on it. This could happen to any of us, especially when half asleep!
Delta was fortunate to not have to deal with any severe consequences to their business as a result of the event. They still have not announced finding those responsible for the breach, but they made statements about their continued efforts to find more information and further securing their sites to prevent another similar situation.
I honestly find it intimidating how easily some systems can become compromised. I am not technologically savvy and have increasingly become hesitant to make purchases online and will certainly not do any banking online, despite the convenience.
Hi Alina,
ReplyDeleteGreat example!
One thing you touched on above that I think is extremely important is having a resource that is constantly monitoring the social media sites to identify if there is any inappropriate activity. Like Delta, if the activity is found fairly quickly it is easier to remove content, apologize to followers and mitigate any potential damage that could be done.
You mention that followers actually sympathized with Delta for the hack. Do you think people are becoming desensitized when this activity happens? Almost the mindset of "here we go again!"
Hi Sabrina,
ReplyDeleteThe Facebook posts on the Delta site did express sympathy. People also posted comments saying that the obscene images were obviously not posted by Delta and that they hoped for a resolution. It was good to see that followers were so supportive of the company.
It's interesting to think about people becoming desensitized to to these types of events. I think that this is totally the case, especially when it is something trivial or an obvious prank. People might have more of a reaction, I suppose, if the content posted was related to a sensitive topic like religion or race. I also believe that people are generally reactionary. It's not until people are directly effected that will lead to a greater response. I think situations where people's identities and financial information become compromised, are the cases that people have the most reaction.
Hi Alina,
ReplyDeleteThis is a great example! I wonder if they were able to get to the bottom of this scandal? I haven't seen or heard anything in the news to make me think they were able to, but it's truly interesting that something like this can happen even though people take precaution to protect themselves online. What would be really interesting is to see if the post originated from an internal employee or if the site was hacked externally.
Thanks!
Allie