Syrian Electronic Army Hacks SocialFlow: Never Click Email Links

The Syrian Electronic Army, a loosely defined collective of pro-Assad hackers, successfully hacked the New York-based social media firm SocialFlow on Tuesday afternoon, leading the firm to shut down its entire website. How? A mid-level SocialFlow staffer clicked on One. Single. Link.

The result, to be sure, amounted to a few silly, now-deleted tweets like the one above and this one:

A Twitter account purporting to represent the Syrian Electronic Army later claimed to have hacked the New York Post’s Facebook page using SocialFlow’s publishing software:

A handful of reporters at the New York Post and Washington Post appeared to be affected by the breach as well. The news aggregator NewsBreaker chronicled the devastation:

SocialFlow CEO Jim Anderson, who (poor guy) joined the company last week, told Gawker that “an employee’s email account was compromised by a phishing attack,” referring to the practice of tricking email recipients into handing over sensitive information by mimicking the login pages of popular websites. No one, not even you, is immune.

Anderson later explained that the compromised email account belonged to a “general employee” with access to SocialFlow’s Twitter and Facebook pages, rather than a system administrator. Upon discovering the breach, SocialFlow pulled the plug on its website, which remains inaccessible.

“We heard some anecdotal evidence that there's been an increased amount of phishing going on today,” Anderson added.

So. A few lessons:


2) Twitter is terrible. (Follow me on Twitter.)