A bad day in Twitterland

Twitter is having a tough day. First, parts of the service were having performance problems, and then the @AP Twitter feed got hacked, causing the stock market to tank nearly 150 points before recovering.

Twitter has vastly improved in the last few years in keeping the site up, but the hacks are escalating. The Twitter accounts of CBS News programs  "60 Minutes" and "48 Hours" were hacked over the weekend, with bogus messages going out, such as "The US government is hiding the real culprit of the Boston bombing." In February, an estimated 250,000 Twitter account passwords were compromised in an attack on the service.

It's becoming increasingly clear that Twitter needs to follow Google, Microsoft, and Apple in providing two-factor authentication sooner rather than later. Such a system isn't foolproof, but it requires an extra level of identification information to authenticate with a service.

In addition, Twitter can do more to provide features that can help diminish the adverse impact of tweets and retweets that present erroneous information, such as some of the tweets that were sent during and following the Boston Marathon bombings. Twitter spawned millions of tweets as the events unfolded, including tweets that identified innocent people as the bombers and that were retweeted, passing the misinformation along. It's part of how Twitter works, but Mat Horan of Wired has recommendations about how Twitter could deal with bad tweets:

Twitter could add a function, similar to a retweet or favorite, that let you edit and correct a tweet after it had been posted. Those tweets then show up in a timeline as having been corrected -- again, they could be flagged like favorites or retweets. Click on a tweet marked as edited, and it uses Twitter's Cards function (the same system that lets tweets embed images, videos, and text) to show the original.

Horan also suggests that the original author should have the capability to notify everyone who retweeted his or her tweet that there is a correction, which could also be displayed at the top of their timelines.

Twitter sent a note with the following response regarding the compromised AP account:

You may have seen recent reports involving news organizations' Twitter accounts being compromised. Multiple reports suggest that these attacks started through attacks on corporate email accounts. In the case of the Associated Press, this was confirmed -- the hacking of their Twitter accounts was preceded by phishing attacks on employees' email accounts.

While we investigate, we wanted to get in touch to provide some information to help keep your account secure. And given the recent incidents, it is especially important to be extra vigilant about any attempt to phish your information. Please review the security recommendations on our Support site.

The story has been updated to include Twitter's response.