WASHINGTON (Reuters) - Hackers took control of the Associated Press Twitter account on Tuesday and sent a false tweet about explosions in the White House that briefly sent U.S. financial markets reeling.
In the latest high-profile hacking incident involving social media service Twitter, an official @AP account reported that two explosions at the White House injured President Barack Obama.
AP spokesman Paul Colford quickly confirmed the tweet was “bogus,” and White House spokesman Jay Carney told reporters that Obama was fine, just minutes after the tweet hit a little after 1 p.m. (1700 GMT).
But within three minutes of the tweet's release, virtually all U.S. markets took a plunge on the false news in what one trader described as "pure chaos." (For a graphic, see link.reuters.com/hyz57t)
The FBI and the U.S. Securities and Exchange Commission both said they were probing the incident. FBI spokeswoman Jenny Shearer did not provide further details beyond confirming an investigation.
SEC Commissioner Daniel Gallagher told Reuters in an interview that the agency was looking into the bogus tweet’s impact on the markets.
“I can’t tell you exactly what the facts are at this point or what we are looking for, but for sure we want to understand major swings like that, however short it was,” Gallagher said.
Reuters data showed the tweet briefly wiped out $136.5 billion of the S&P 500 index’s value before markets recovered. Some traders attributed the sharp fall and bounce-back to automatic electronic trading.
A group calling itself the Syrian Electronic Army, which is supportive of that country’s leader, President Bashar al-Assad, in its two-year civil war, claimed responsibility on its own Twitter feed for the AP hack.
The group has in the past taken credit for similar invasions into Twitter accounts of National Public Radio, BBC, CBS’ “60 Minutes” program and Reuters News.
A Twitter spokesman declined to comment on the Tuesday breach, saying the company did not comment “on individual accounts for privacy and security reasons.”
At a time when cybersecurity and hacking have become top national security concerns, Twitter and its reach to hundreds of millions of users is coming under growing scrutiny for the risk of privacy breaches on the site.
Stewart Baker, a cybersecurity lawyer at Steptoe & Johnson in Washington, said there was plenty of blame to spread around regarding Tuesday’s incident.
“AP should have had better passwords, Twitter should have gone to at least optional two-factor authentication months ago, and guys on the Street really should be thinking twice before they trade on Twitter reports. That’s risky,” he said.
For years, security experts have called on Twitter to introduce a two-factor authentication measure, which requires a two-step process to log in and which they say would greatly reduce such breaches.
In recent months, the San Francisco-based company has hired security experts and posted job listings for software engineers, who could help the company roll out two-factor authentication.
AP, whose Twitter accounts @AP and @AP_Mobile were suspended, reported that hackers made repeated attacks before Tuesday’s incident to steal the passwords of AP journalists.
The false “BREAKING” tweet, which went out to the AP’s nearly 2 million Twitter followers, sent the S&P 500 and Dow Jones Industrial Average falling sharply before they recovered. Stock and bond futures also were affected.
“It’s a new low in the capital market sales and trading and investor community,” said Russ Certo, managing director in fixed income at Brean Capital in New York.
Several U.S. lawmakers with influence over U.S. policy on trading have pledged to bring new scrutiny to the practice of high-frequency trading and its power to disrupt markets.
“It is disturbing that the markets were so easily manipulated by false information,” Democratic Senator Jack Reed from Rhode Island who sits on the Banking Committee, said on Tuesday. “Congress and regulators, particularly the SEC, should closely examine this case and social media policies to try to prevent this from recurring.”
After the false tweet, the benchmark S&P 500 dropped 14 points to as low as 1,563.03 before recovering, all in about five seconds. The Dow Jones Industrial Average temporarily dropped 143.5 points, or 0.98 percent.
“You have to wonder (about) this system we’ve built based on technology and speed,” said Joe Saluzzi, co-manager of trading at Themis Trading in Chatham, New Jersey.
“The SEC’s mission is to protect the individual investor. And they don’t feel protected today,” he said. “Events like today shatter confidence, and the problem is you don’t get confidence back tomorrow.”
Earlier this year, Bloomberg’s trading platform started incorporating tweets after the SEC clarified how companies can disclose material information through social media.
On Tuesday, spokeswoman Sabrina Briefel said the fake tweet appeared on the Bloomberg terminal. She said the company was not reconsidering its decision to include tweets.
Reporting by Alina Selyukh in Washington; Additional reporting by Deborah Charles, Sarah N. Lynch, Susan Heavey and Emily Stephenson in Washington; Gerry Shih in San Francisco; and Jennifer Saba and Doris Frankel in New York; Editing by Karey Van Hall, Philip Barbara and Peter Cooney