I read with interest the Pharmalot story about Pfizer’s Facebook page being hacked by a “Kiddie” group (see “Pfizer Facebook Page Is Hacked By Script Kiddies“). I had tweeted about this and quoted the hackers who claimed that “[Pfizer’s] security was laughable” (see here).
Here’s what the Pfizer’s FB Wall looked like when it was hacked and before it was taken down:
Pfizer has a penchant for claiming it is a leader in this and in that. But it always seems to be caught in a lie. For example, Pfizer claims that it is a leader in social media, but actually has launched very few social media applications and campaigns. It claims to have an advanced social media “playbook” that it has talked about for months but refuses to show us the “meat” (see “Pfizer, Show Us Your Social Media ‘Playbook’“). When Pfizer started up it’s Twitter account, it was so unprofessional, many of us thought it was not an official Pfizer account (see “Pfizer’s Social Media Strategy: Piss Off John Mack, Get Hundreds of New Followers!“).
Pfizer has also claimed to be a leader in security (see this post for a photo of Pfizer’s past CEO, Jeff Kindler, in Pfizer’s “global security bunker at company headquarters”), but if you search Google for “Pfizer security,” most of the results are about breaches in Pfizer’s security (see, for example, “Zombie Pfizer Computers Spew Viagra Spam“).
My friend Bruce Grant was quoted in the Pharmalot story defending Pfizer: “the hack was not something that Pfizer could have prevented, since the security issues were all on Facebook’s end.”
I find that hard to believe. If true, then why haven’t we seen lots more corporate Facebook pages hacked? Surely, hackers would have had a field day with BP’s Facebook page during the Gulf oil spill. I am assuming BP had a Facebook page at the time. Regardless, why did the “Kiddies” stop with Pfizer’s FB Page, which was a pathetic social media attempt in the first place?
According to Pharmalot, Pfizer has “contacted Facebook to ask how it could have happened and plans to share what it learns with other companies [my emphasis].”
Ha Ha! I’ll be making snow balls in hell before I see Pfizer sharing information that will make it look like a social media dummy. It won’t even share information that will make it look smart (ie, the SM “playbook”).
“The good news is that no confidential information related to individuals or the company were breached,” said a Pfizer spokesperson, “but I need to make it very clear that we are committed to using social media channels to communicate and we’ll take this as a learning experience.”
My opinion is that Pfizer still has a lot to learn about social media and security.