Following a hack attack, the Associated Press' verified Twitter account posted "an erroneous tweet" claiming that two explosions occurred in the White House and that President Barack Obama is injured. Moments later, the @AP Twitter account — with nearly 2 million followers — was suspended.
Immediately following the false tweet, the Dow Industrial Average lost about 140 points. These losses were immediately recovered. (See chart below.)
"That's a bogus tweet," an AP spokesperson initially told NBC News, a statement that was repeated by the company's corporate communications account. Though the false tweet disappeared, the false message continued to exist on the service in over four thousand retweets.
In a briefing that occurred after the erroneous tweet appeared, White House spokesman Jay Carney told reporters that "the president is fine, I was just with him." Julie Pace, AP's chief White House correspondent, reiterated during the briefing that "anything that was just sent out about any incident at the White House is actually false."
AP media relations director Paul Colford is quoted, in a blog post, as saying that the company had also suspended other AP Twitter feeds, "out of a sense of caution." He added, "We are working with Twitter to sort this out."
FBI spokesperson Jenny Shearer told CNBC that it is investigating the AP Twitter hack.
A wire statement issued later explained that the mid-day tweet "came after hackers made repeated attempts to steal the passwords of AP journalists." A group called the Syrian Electronic Army claimed credit for the hack. The group's original Twitter account is currently suspended, but on Tuesday afternoon, an alternate "official" account was live.
Social media accounts associated with CBS News programs "60 Minutes" and "48 Hours" were compromised on Saturday. The same group, known for its pro-Assad politics, took credit for that attack too, as well as earlier attacks on the Twitter accounts of NPR and the BBC. The group is not to be confused with the hacking collective known as Anonymous — in fact, they have previously clashed online.
Passwords are weak link
Because password theft is the culprit behind social-media account takeovers, security experts say that better protection is needed. Responsibility for security is shared between the user and the service.
"The challenge (with corporate-owned Twitter accounts) is, we share the password," Chester Wisniewski, senior security advisor at Sophos, told NBC News. "Once you get enough people with the password, bad things are going to happen," he adds. "There's no good way of isolating or limiting access these high-profile accounts."
Wisniewski said it is up to Twitter to strengthen security by using two-factor authentication, a log-in technique used by Google, Apple, Facebook and others that requires the pairing of a password with a code delivered to a user's cellphone.
"In my opinion, this is overdue for Twitter, especially for verified accounts," he said, regarding how incidents like this could be prevented. "Humans are the weakest things when it comes to a phish [attack]."
Twitter sent users a note saying that, "while we investigate (the AP hack), we wanted to get in touch to provide some information to help keep your account secure. And given the recent incidents, it is especially important to be extra vigilant about any attempt to phish your information." The note included a link to a support page with basic security precautions.
— with additional reporting by NBC News' Stacey Klein, Helen Popkin and Patrick Rizzo, and CNBC's Eamon Javers