By Gerry Shih
SAN FRANCISCO (Reuters) - Does Twitter have a credibility problem?
For many, a single fake tweet from the Associated Press account that briefly roiled financial markets on Tuesday, driving the Dow Jones industrial average down about 145 points, vividly reaffirmed the fearsome, near-instantaneous power of the 140-character message.
But the security lapse also revived doubts about Twitter's place in the media landscape - and its ultimate value - at a moment when its status as one of today's essential information networks had seemed all but cemented.
Just a week after social media networks took criticism for helping circulate misinformation about the alleged perpetrators of the Boston Marathon bombing, Twitter's security shortcomings fell under a harsh spotlight Tuesday after a hacker group commandeered the AP Twitter account and falsely reported that explosions in the White House had injured President Barack Obama.
The AP was only the latest hacking victim in recent days after Twitter accounts belonging to National Public Radio, CBS 60 Minutes and others were breached. Last year, Reuters News was the victim of hackers who briefly took over one of its Twitter accounts and posted false tweets.
The latest hack was by far the most significant: the single AP tweet stunned investors and effectively wiped out $136.5 billion of the S&P 500 index's value in a matter of minutes.
Although the news agency later disclosed that one of its employees may have inadvertently given away company passwords as the result of a "phishing" attack by the hackers, security experts quickly faulted Twitter for its longstanding failure to implement two-factor authentication, a double-layered password feature used by the likes of Google Inc and Microsoft Inc that might have prevented the spate of high-profile Twitter hijackings.
"It's one of those cases that we are seeing too often. It's getting unnerving," said Robert Quigley, a journalism lecturer specializing in social media at the University of Texas. "What media organizations need to do is pressure Twitter to have a more secure website."
Twitter declined to comment for this article.
The company has also repeatedly declined to discuss its product roadmap, although it has signaled that it will soon unveil two-factor authentication, including a public job posting in February that suggested it was hiring to tackle the problem.
Mark Risher, the founder of a security consultancy that counts social media companies Pinterest and Tumblr among its clients, said introducing more measures like two-factor authentication would make Twitter more cumbersome to use and potentially slow its user growth - a critical concern for a company that relies on advertising revenues. But he warned that a prolonged rash of high-profile hacks, and an eroding sense of user trust, would hurt Twitter more.
"There's always a tradeoff between convenience and safety," Risher said. "But a security issue damages Twitter's brand."
NEWSWIRE OR PLATFORM
For Twitter, the hacking has raised questions about its credibility just as it is beginning to assume a central role in a fast-changing media landscape, with the volume of tweets rising to more than 400 million a day. Earlier this month, the Securities and Exchange Commission ruled that U.S. companies may report material information such as quarterly results on Twitter, as long as investors are alerted in advance. Days later, Bloomberg L.P. said it would funnel Twitter directly into its terminals used by thousands of traders on Wall Street.
At the same time, the world's leading news organizations and Twitter, which has 200 million users around the world, have become increasingly intertwined in a symbiotic, if sometimes troublesome, relationship.
Dan Gillmor, a journalism professor at Arizona State University, said the hacks have especially hurt news outlets because their Twitter accounts are often the primary way that their news reaches consumers who may not subscribe to a newspaper or have access to a newswire.
Twitter has touted itself as a critical newswire of sorts, such as during the 2011 tsunami in Japan, when it helped emergency responders locate survivors, or when it became a vital lifeline for some New Yorkers as television sets fell dark during Hurricane Sandy last year.
But last week, in the wake of the Boston bombings, some of those who previously viewed Twitter as an indispensable news source began turning against the service upon discovering that the wisdom of crowds is, in fact, an adage not often applicable on the Internet.
Steve Brunetto, a senior executive at Edgewave, a network security company, said Tuesday's hacking undermined Twitter at a sensitive time.
"On the heels of the Boston Marathon bombing, everyone's trying to figure out, 'Okay, where does Twitter fit into that news cycle? Where does Twitter fit into disseminating information?'" Brunetto said. "They've got an opportunity to legitimize themselves as a real player in that information life cycle but they get knocked down a peg every time somebody says, 'Oh, you can't believe what you read on Twitter.'"
Jeff Jarvis, a prominent Internet pundit and a journalism professor at City University of New York, said that the confusion caused by social media in recent weeks was not an indictment of social media but rather a reminder that the onus falls on professional reporters to verify information.
"No, the Internet's not broken," Jarvis said.
The rise of social media means that "you now hear more bar-room debates and speculation than before," he added. "But that doesn't mean you should believe it more than you ever did."
Tom Schrader, managing director for U.S. equity trading at Stifel Nicolaus Capital Markets in Baltimore, said there were a lot of clues in the false AP tweet that should have kept traders from reacting, in particular the wording of the message.
"We saw it, we saw the initial reaction. Initially our reaction was, pull your bids (until we) see whether this is legit or not. We found no legitimacy to it and went back into the market as normal," he said.
Oli Freeling-Wilkinson is chief executive officer of Knowsis, a London company that picks out and amalgamates financially relevant tweets and other social media content for traders. "We do have spam controls in place, but it's an ongoing war," he said. "It's much more difficult to work out what's going on when people are hacking into official accounts, especially in the heat of the moment."
While Twitter has occasionally signaled that it believes it could become more than a passive distribution network - a shift marked by last year's purchase of Summify, a small startup that specialized in surfacing relevant news - it has also taken pains to distance itself from the content of tweets and maintain strict neutrality from a legal perspective.
Twitter Chief Executive Dick Costolo told an Online News Association gathering last autumn that Twitter's primary responsibility was to create a platform, rather than to play an editorial role in determining which tweets people should see.
"A company trying to build media is creating or curating content, and that's not the kind of company we're creating," Costolo said.
Gillmor, from Arizona State, said Twitter did not need to guarantee the quality or veracity of its content in order to grow into a media juggernaut.
"It's not whether Twitter is credible or not, it's what people do with it," he said. "Every news organization feels it has no alternative but to use Twitter. But everyone at the traditional news organizations has to be thinking really hard about what that means, from whether the security is sufficient on these third-party platforms to what it means to be turning part of your stuff over to new kinds of publishers."
(Reporting By Gerry Shih; Additional reporting by Jennifer Saba, Ryan Vlastelica and Caroline Valetkevitch in New York and Alina Selyukh in Washington; Editing by Claudia Parsons)