Subterfuge by Tweet: An Analysis of Twitter’s Crisis Response

Late last week, Twitter co-founder Evan Williams reported that his personal Twitter account, email account, and the emails accounts of both his wife and another Twitter employee were all hacked as a way to gain access to private company documents (including projections and plans for next quarter). Those documents were picked up by several magazines and blogs and, ironically, made twitter’s security one of the most popular search items of the day.

This level of Twitter infiltration has been anticipated by a number of industry expert—the Twitter business model, combined with unequaled growth in this space, means that they have been particularly susceptible to online attacks. In fact, Twitter is fortunate that this security breach didn’t directly impact its users, only its leadership. Twitter has grown nearly 2,000% over the last year alone; one of the most common causes of business failure is growing too quickly, moving too fast and becoming unable to deliver for users in the same capacity.

Twitter’s business model hasn’t lent itself to security, either. Twitter based itself on the “megaphone” model, rather than the “campfire” business model that saw success in Facebook and other social networking Web sites. Facebook was designed to promote Harvard only, then a few select Ivy Leagues, and then, gradually, universities across the country. It built a reputation through exclusivity.

The last model similar to Twitter was the blog, which requires much more effort to maintain and is still less open to the public than Twitter. Twitter encouraged everyone to come on board and shout as loudly as they could along the way—an excellent initial model, but not structured enough to ensure the identities of accounts or security protocols.

Fortunately, what Twitter lacks in security preparedness it more than makes up for with excellent crisis communications. The actual attack occurred over a month ago, and the Twitter leadership decided against fanning the flames until they were certain it would become an issue. If Twitter had raised the crisis flag and attempted to be more proactive in informing constituents about it, they would have run the risk of raising questions unnecessarily. They created a plan in-house and were lucky enough to have a month to prepare for the first pirated documents to reach TechCrunch.

Once those documents were submitted and the first rumor spread of a security breach, Twitter responded almost immediately on the official Twitter blog, following the #1 rule of crisis communications: tell the truth and tell it first. Eighteen to 24 hours is no longer an acceptable timeframe, and Twitter’s listening program made it possible to anticipate when the public would catch wind of the hacked accounts, particularly within their own communities (Cision now monitors the Twitter accounts of journalists for this reason, and dna13 monitors over 40 million blogs as part of their listening platform).

The most important message in the Twitter crisis response is that the pirated documents would have no impact on the users—they understood that users cared about their security first and assured the public that none of the documents held information about Twitter users or Twitter security information. This was an important message, especially after several celebrities’ Twitter accounts were hacked earlier this year.

User security is going to become an even more hot-button issue as Web applications gain popularity in the business arena. The caveat emptor of social media is that everything we do online is traceable—even “private” profiles on Facebook are not permission-based and can be forwarded to employers or clients. The law says that Internet providers like Explorer, Mozilla Firefox, and Safari are not responsible for the content or actions of a user group. Craigslist used the same defense recently in their information monitoring and sharing trial. Johnson & Johnson’s Marc Monseau has talked about the dilemma of separately tweeting on personal and business accounts; he warns that we are “always on”.

Nonetheless, Web-based businesses and social networking sites must respond to the pressure users place on privacy and security by listening to their communities and responding accordingly. While Twitter failed to create a platform that successfully manages security risks, its ability to market itself as a perpetual “beta” program and respond to crises successfully means that, one week later, the same record number of tweeters are still tweeting, 140 characters at a time.

Mike Smith is CEO and Ashley Houghton is an Account Supervisor at Michael Smith Business Development. Follow Mike Smith and Ashley Houghton on their Twitter accounts, @SmittyPA and @PRYouReady.

Comments Off

Deals of the Week

Get $150 Off PR News' PR Measurement Conference


Join us on April 20, 2015, for PR News’ essential PR Measurement Conference at the National Press Club in D.C., and learn how tie PR metrics to measurable business outcomes.

Use code “150off” at checkout to save $150 on the regular rate.

Get $50 off PR News' Book of Employee Communications


In this 5th volume of PR News’ Book of Employee Communications, our authors cover more than 45 articles on crisis communications, social media policies, human resources collaboration, brand evangelism and more.

Use code “50off” at checkout.

Save $100 on a PR News Subscription


Let PR News become your weekly, go-to resource for the latest PR trends, case studies and tip sheets. Topics covered include visual storytelling, social media, measurement, crisis management and media relations.

Use code “SUBDEAL” at checkout.

Comments are closed.