AP Twitter Page Hacked in Market-Moving Attack

 The Associated Press, one of the world’s largest news agencies, said a hacking attack caused it to send out an erroneous Twitter post that sent markets down 1 percent in a matter of seconds.

The false information about explosions at the White House and President Barack Obama being injured came after repeated attempts by hackers to gain access to AP reporters’ passwords, the news agency said in a report. It said it had suspended its account and would work to fix the vulnerability.

The Dow Jones Industrial Average and the Standard & Poor’s 500 Index each fell about 1 percent before rebounding. A separate Twitter account operated by the AP’s corporate communications team followed up minutes later with its own message: “That is a bogus @AP tweet.”

The news agency is the latest victim in a series of hacking cases against news outlets, including the New York Times and the Wall Street Journal. The errant tweet spooked investors eight days after two explosions struck the Boston Marathon, killing three people and wounding more than 200. U.S. authorities brought charges against Dzhokhar Tsarnaev, 19, yesterday for the attack.

Social Media

The false tweet spotlights the increasingly close ties between social media and financial markets. The AP’s main Twitter account, @AP, had over 1.9 million followers before the hacking.

The incident shows the risk of social media, said Cathy Baron Tamraz, chief executive officer of Berkshire Hathaway Inc.’s Business Wire, who called it an “object lesson” in why social media isn’t a substitute for press releases.

“I’ve got over 100 technologists in my shop,” said Tamraz, whose company distributes news releases for corporate clients. “What they spend their time doing is figuring out what the bad guys want to do and preventing them from doing it. That’s the kind of thing I don’t think these social sites were even set up to do. That’s not their core competency.”

The account is also one of the feeds provided through a Twitter function on Bloomberg Professional, the financial-data service sold by Bloomberg News parent Bloomberg LP. The U.S. Securities and Exchange Commission said this month that companies can post news on social-media sites as long as investors have been told in advance where to look.

“Following the SEC’s decision earlier this month to allow companies to disclose material information via social media, Bloomberg integrated Twitter feeds into the Bloomberg Professional service,” the company said in a statement.

Markets Recover

The S&P 500 was up 1 percent at 1,578.77 at the close in New York after briefly dipping as low as 1,562.5.

Yields on benchmark 10-year U.S. Treasury notes dropped about six basis points, or 0.06 percentage point, to a low for the year of 1.64 percent immediately after the bogus tweet as investors sought refuge in the world’s safest assets. The dollar weakened to about 98.60 yen before recovering to 99.27 after the report was discredited.

“The president is fine, I was just with him,” White House spokesman Jay Carney told reporters minutes after the hacking was discovered.

Ed Donovan, a spokesman for the Secret Service, which provides protection for the president, said the agency is aware of the incident, will be monitoring it and will take any appropriate follow-up steps. He declined to give specifics.

The Associated Press is a not-for-profit news organization funded by its newspaper and broadcast members. Founded in 1846, the New York-based news operation has more than 2,000 journalists worldwide.

‘Obviously Bogus’

“We’ve obviously been hacked on our AP Twitter account,” said Paul Colford, a spokesman for the Associated Press. “That tweet about the White House is obviously bogus.”

Jim Prosser, a spokesman for San Francisco-based Twitter, declined to comment.

Twitter accounts are vulnerable to hacking partly because the service lacks a more sophisticated authentication system, according to Wade Williamson, a senior security analyst with Palo Alto Networks Inc.

“The attack does not appear to be particularly technically sophisticated and is likely an example of a traditional account hijacking in which a hacker stole the AP account administrator’s password,” he said in an interview.

The AP reported that today’s hacking was preceded by a “phishing attempt” on its computer network, a common hacking technique that lures users into divulging username and password information by setting up a fake log-in screen.

The hack “came less than an hour after some of us received an impressively disguised phishing e-mail,” Mike Baker, a reporter for the AP based in Olympia, Washington, said on his Twitter account.

“Whatever the purpose of this attack was, it seems to have been pretty self-contained,” Williamson said. “The benefit from the attackers’ view has already happened.”