A compromised Twitter account has resulted in the embarrassing broadcast of a spam message via the BBC's website.
More and more TV stations are encouraging both their staff and their viewers to jump onboard the social media bandwagon, and use the likes of Twitter to interact and keep up-to-date with the latest developments. But if you don't take care, you may end up with some egg on your face.
Take, for example, BBC Sport's extensive online coverage of the Rugby World Cup, where alongside the match reports and videos you can also follow the latest tweets from the BBC's Rugby correspondents.
It sounds like a terrific idea - a great way for sports fans to keep up with the latest developments from the BBC's team of experts. But take a closer look and you'll find that Jim Mason, BBC Scotland's rugby correspondent, appears to have had his Twitter account compromised. Overnight it sent out a spam message encouraging people to investigate an Acai Berry diet.
Serious about shedding a few pounds? read this its interesting! [LINK]
Jim only has a few hundred followers of his Twitter account, so this spam won't have had a huge impact there. But because it has been syndicated to a much wider audience via the BBC's sports website it has the potential reach many more people and - of course - increase embarrassment for the corporation.
Some 14 hours after the tweet first appeared, it still hasn't been deleted - and is still appearing on the BBC's website.
If you were to click on the link (I wouldn't recommend it) you will be taken to a website that poses as a fake news page, promoting the miracle Acai Berry diet.
My guess would be that Jim's Twitter password has been phished. He should change it immediately, and ensure that he is not using the same password on any other website.
And if you're a media organisation - consider how you're going to handle an authorised Twitter message appearing on your website. This time it was just spam, but it could have been something much more malicious.
Follow @gcluley
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
Hi Graham -
Thanks for the alert. We'll get the tweet deleted. Because so many tweets fly through that module on our site (it only displays a few at a time as you can see) the tweet had gone before I spotted it, and so I was unaware of it (despite it still being on Jim's page, as you point out).
You're right to highlight the wider issue though - touch wood, we have a very strong track record of our accounts not being breached, but that doesn't mean we are complacent, and I will remind all of our 'official users' of Twitter to change passwords regularly, and not click any URLs they are unsure of ... just the good practice stuff really.
Appreciate the alert and the reminder.
Lewis Wiltshire (Social Media Editor, BBC Sport). @LewisWiltshire
Hi Graham,
Best security practice: only respond to direct messages and check out new followers by going to the Twitter website. Lately there have been reports of false Twitter notifications. By clicking on the links in these emails you could be infected with a virus or perhaps you might be asked to enter your Twitter credentials. Unwittingly you are not logging in to Twitter but instead providing your Twitter password to phishers.
Deborah Galea, contributor to Email Security Blog: http://blog.policypatrol.com.