Is it time for Twitter to validate account IDs?

Vote Obama 2012 says Fox News. Or does it?

Some news websites were caught with their trousers down earlier today when they reported that a hacker had broken into the Twitter account of Fox News and posted offensive messages.

The @AllFoxNews Twitter account has now been suspended, but for a while was displaying messages urging Americans to vote for Barack Obama in 2012 and evangelising their support for left-wing film-maker Michael Moore.

As Fox News is notoriously conservative, onlookers immediately thought that perhaps the Murdoch-owned TV network had suffered at the hands of a hacker.

After all, the messages posted on the AllFoxNews Twitter account bore an uncanny resemblance to the genuine attack where a hacker broke into the TV news station's real Twitter account (as well as those of Britney Spears, Barack Obama, and others) earlier this year, as the following video shows:

The reality was that this latest incident was just a schoolboy prank. The AllFoxNews account never belonged to Fox News in the first place - and so Twitter and the news organisation's security had not been compromised.

But it does raise a couple of interesting questions. Firstly, if you're an organisation with a well-known brand - are you doing a good enough job ensuring that no-one else is abusing that brand via Twitter?

You may be used to looking out for ne'er-do-wells setting up websites with similar domain names to your own - but how about Twitter IDs?

Indeed, is it your job at all? Should Twitter be doing more work to confirm that users who create accounts which use brand names have the rights to start up those accounts in the first place?

And if you're an online journalist or blogger - are you doing enough to check that your story is accurate before you report it as fact to the rest of the world?

The internet is still the wild west it seems, and the rules of how we work and play in them are still being worked out as we go along.


Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley.