Classroom Technology

Hacked Twitter Accounts a New Headache for Schools

By Benjamin Herold — October 10, 2017 6 min read
  • Save to favorites
  • Print

The trouble for Foothill High started at 2 p.m. on a Tuesday afternoon last month.

That’s when a stream of profane and offensive messages started appearing on the official Twitter account of the 2,600-student school near Las Vegas.

Among them: taunts about the school’s “weak weak security system,” a photo of a school administrator altered in a vulgar way, and anarchist images and messages.

Back in June, hackers took control of the official Twitter account of Florida’s 40,000-student St. Lucie school district. Among the posts that went out to St. Lucie’s 2,700 followers: a graphic photo of lynched African-Americans, as well as a racist message that said, “After Heavy Consideration, Our District Has Decided To Ban All African Americans From Our School District. Thank You!”

Both incidents represent a convergence of issues that are increasingly bedeviling K-12 systems: inappropriate uses of social media, and a wide range of cybersecurity threats.

And while they so far appear to be unusual, the Twitter-account hackings in Florida and Nevada raise important questions for school officials and tech companies alike, said Douglas A. Levin, the president of consulting group EdTech Strategies.

What security steps should schools be taking to better secure their social-media accounts? What should happen to students who share offensive content posted by hackers? And how can companies like Twitter respond more quickly to such instances after they occur?

6 Tips for Managing Social Media Accounts

1. Use a long, complex password for each platform and update it regularly.

2. Do not use the same password for multiple services.

3. Create “two-factor authentication,” which basically means that after entering a password, a user completes a second step—often entering a code that is sent by text message—in order to access an account.

4. Make intentional choices about limiting access to certain websites. One administrator, or a small group of people, should be the sole operator of a third-party hosted account.

5. Set up a crisis management plan in advance to ensure district or school officials are prepared to run damage control in the event of a breach. Those officials will have to reset passwords and contact companies.

6. Train teachers and administrators to identify phishing scams. Hackers use these email scams to trick recipients into giving away their login information for email accounts and websites.

Sources: C. Blohm & Associates, CoSN, EdTech Strategies

In St. Lucie, for example, the racist posts remained public for nearly 12 hours, sparking outrage from the district superintendent.

And in Nevada, it took almost two days to get the offensive messages removed.

That’s a big problem, Levin said.

“There’s not any gray area here,” he said. “The accounts were compromised, and what was published was clearly inappropriate and clearly not something the districts did themselves.”

Foothill High’s principal declined a request to be interviewed.

A spokeswoman for St. Lucie schools likewise declined to comment or provide an update on the hacking incident there, citing the ongoing challenges the district faces as it responds to flooding caused by Hurricane Irma earlier this month.

It does not appear that any arrests have been made in either case. Investigations appear to be ongoing in both locations.

One big question that remains unanswered: How were the school and district Twitter accounts compromised in the first place?

In the case of St. Lucie, the hackers offered some pretty big clues.

During an interview with local television station CBS12, a representative of a group calling itself Cryo Squad said it had targeted the district “because it was extremely vulnerable and they have little to no security.”

Levin of EdTech Strategies said it would be no surprise if poor security practices played a role in the breaches.

Preventing Breaches

There are two big, basic steps that Levin and other experts recommend schools take to prevent social media accounts from being compromised.

“Having a strong password and keeping it confidential is important,” Levin said. “It’s also important to enable the advanced security features that most platforms offer, especially two-factor authentication.”

On passwords, Levin advised schools to make sure they’re long and complicated; to not reuse the same passwords for multiple services; and to consider using password-management software.

Two-factor authentication basically means that after entering a password, a user must complete a second step—often entering a code that is sent by text message—in order to access an account. That way, even if a password is compromised, hackers still won’t have all the information they need to take control of an account. Most platforms allow users to opt into such features by adjusting their settings.

With all the other cybersecurity challenges districts are facing, it can be easy to overlook such steps, Levin said. And while losing control of a school Twitter account is a major nuisance, it’s different than having confidential employee or student information stolen from other software systems.

But given how difficult it can be to restore order after a social-media account has already been hacked, he said, an ounce of prevention is clearly worth the effort.

Back in Nevada, one of the challenges faced by district administrators and leaders at Foothill High was how to respond if students shared the inappropriate content hackers posted on the school’s Twitter account.

After the hacking took place, the district released a statement saying “any student found to be involved in sharing or retweeting this content could face disciplinary action.”

In an email, a district spokesman said Clark County’s cyberbullying policy was the basis for that stance. The spokesman added that “parents were contacted directly by school administrators if there were concerns with their child regarding this incident.”

But Bradley Shear, a Maryland-based lawyer who focuses on privacy and social-media law, said any such punishment meted out for sharing social-media content would likely be illegal and would almost certainly open a can of worms.

“Public schools have no legal basis whatsoever to discipline students based on sharing digital content from the school district’s own accounts, regardless of the situation,” Shear said.

Besides, he asked, how could the district know for sure that it was actually the student, and not someone else using their account, who shared the content? Under what other circumstances would schools presume to monitor and regulate students’ outside-of-school social media postings?

“The bottom line is that [Clark County’s] threat is not only very troubling, but also hollow,” Shear said. “If they do discipline a student for sharing the content, they will lose any lawsuit arising out of the matter.”

And then there’s the matter of getting the offensive content taken down after it appears.

Trouble Reaching Twitter

The Clark County spokesman declined to specify exactly how long Foothill’s account was compromised, but it appeared to be under external control for well over three days.

And in remarks at a news conference that were reported by local station WPTV, St. Lucie superintendent Wayne Gent fumed at how long it took Twitter to remove the racist messages posted from his district’s account.

“I was mad as hell,” Gent said during the news conference. “There’s not a hotline that you can contact or a hotline that you can call. It’s done through emails, it’s done through texting and we could not get a response from [Twitter.]”

Levin of EdTech Strategies said that’s unfortunate, but not surprising. Platforms such as Twitter are awash in offensive, abusive, and otherwise problematic content, and they are even getting called to testify before Congress for their roles in enabling foreign governments to spread misinformation and meddle in elections. And their strategy of relying on algorithms and technology to respond to problems doesn’t appear to be working very well, he added.

“I think one lesson for schools is that if you’re going to use free, cloud-based services, it may be very challenging to reach someone who can help you in a timely manner,” he said. “You’re really at their mercy.”

Twitter officials did not respond to requests for comments sent via their platform.

A version of this article appeared in the October 11, 2017 edition of Education Week as Schools Pick Up the Pieces After Twitter Accounts Hacked

Events

Student Well-Being K-12 Essentials Forum Social-Emotional Learning 2025: Examining Priorities and Practices
Join this free virtual event to learn about SEL strategies, skills, and to hear from experts on the use and expansion of SEL programs.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Professional Development Webinar
Inside PLCs: Proven Strategies from K-12 Leaders
Join an expert panel to explore strategies for building collaborative PLCs, overcoming common challenges, and using data effectively.
Content provided by Otus
Teaching Profession Key Insights to Elevate and Inspire Today’s Teachers
Join this free half day virtual event to energize your teaching and cultivate a positive learning experience for students.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Classroom Technology Opinion How ‘Innovation’ Fails Education
"Innovation” is mostly an unserious distraction from the real work of rethinking education.
7 min read
The United States Capitol building as a bookcase filled with red, white, and blue policy books in a Washington DC landscape.
Luca D'Urbino for Education Week
Classroom Technology Q&A How a District's Embrace of Esports Is Transforming Special Education
Esports can help build 'soft skills' such as collaboration and teamwork, for students in special education, one district leader says.
3 min read
Evan Abramson, 47, director of technology and innovation at Morris-Union Jointure Commission, sits for a portrait at the school in Warren, N.J., on Jan. 15, 2025.
Evan Abramson, the director of technology and innovation at Morris-Union Jointure Commission, assists a student playing video games in the district's esports arena in Warren, N.J., on Jan. 15, 2025.
Michelle Gustafson for Education Week
Classroom Technology Leader To Learn From This Tech Director Is Revolutionizing Special Education With Gaming
Evan Abramson led the creation of an esports arena for students with autism spectrum disorder. It may be the first in the country.
12 min read
Evan Abramson, 47, Director of Technology and Innovation at Morris-Union Jointure Commission, sits for a portrait at the school in Warren, N.J., on Jan. 15, 2025. Morris-Union Jointure Commission works primarily with students up to the age of 21 on the autism spectrum. Abramson, through his experience watching his own son with special needs play video games, helped bring an e-sports lab to life at the school in order to help students better regulate themselves.
Evan Abramson, the director of technology and innovation at Morris-Union Jointure Commission, in Warren, N.J., on Jan. 15, 2025. Abramson spearheaded an esports program to help students on the autism spectrum connect with one another and learn new skills. The gaming arena where students play together may be the first-of-its-kind in the country.
Michelle Gustafson for Education Week
Classroom Technology From Our Research Center Who Pays for Repairs to Students’ School-Issued Devices?
Providing every student with a school-issued device has become commonplace in K-12 schools, but it's costly to maintain.
2 min read
Tightly cropped photo of a group of students sitting at their desks in the classroom using laptops.
E+