Lessons Learned From HMV’s Very Public Twitter Meltdown

When entertainment giant HMV’s Twitter account was hijacked by a 21-year-old intern, the world took notice. HootSuite CEO Ryan Holmes outlines the growing security demands of sensitive social media accounts.

Lessons Learned From HMV’s Very Public Twitter Meltdown

At 9:45 a.m. last Thursday morning, the first of an unlikely series of messages went out from the official Twitter account at HMV, the global entertainment retailer with 7,000 workers and more than $1.5 billion in annual revenue.


“We’re tweeting live from HR where we’re all being fired! Exciting!! #hmvXFactorFiring,” read the initial message from @HMVtweets, sent to the company’s more than 70,000 Twitter followers around the globe. Earlier that morning, some 60 employees at the 91-year-old company had been sacked in a round of downsizing. One of them had hijacked the official Twitter account to vent her frustrations. A difficult day was about to get worse.

In the course of seven subsequent tweets, Poppy Rose Cleere, the company’s newly axed 21-year-old online marketing and social media planner, aired HMV’s dirty laundry to the world: the “mass execution” of loyal workers; gross mismanagement at the head office; unpaid, illegal interns. She even got in a jab at her own social-media-challenged boss: “Just overheard our Marketing Director (he’s staying, folks) ask ‘How do I shut down Twitter?’ ” she tweeted.

By the time the director finally regained control of HMV’s hijacked account and deleted the offending messages, the damage had already been done. The tweets had gone viral–shared thousands of times all over the world in a matter of minutes. The blogosphere was the first to take notice, running breathless posts about the rogue Twitter account. By the next morning, HMV’s “live-tweeted firing” had made headlines in nearly every major newspaper on both sides of the Atlantic. For the company–newly entered into bankruptcy protection and struggling to regain market share from online retailers–the PR debacle could hardly have come at a more inopportune time.

The worst part: None of it had to happen.

The Social Media Security Gap

In the aftermath, online experts and digerati have maligned HMV for leaving its social media in the hands of an entry-level hire. But the company is hardly alone in failing to safeguard its social media accounts. Many of the planet’s largest enterprises, in fact, remain just as vulnerable. For years, software tools known as social media management systems have been around for managing and protecting corporate social media assets (my company, HootSuite, is one of them). In many ways, not using one is equivalent to not bothering to password-protect your email. But few companies have opted in.


Why? Corporate protocol simply hasn’t kept pace with the speed of social media changes. Nearly overnight, social media has gone from dorm room toy to boardroom tool. Just a few years ago, only the most progressive companies dabbled with Twitter and Facebook, mainly as a soft, community-building channel. Today, 73 percent of Fortune 500 companies have Twitter accounts, and social media is a staple of corporate strategy, forecast to unlock some $1.3 trillion in value in the years ahead.

As the HMV fiasco shows, however, major enterprises are still delegating social media responsibilities to interns. Even companies with dedicated social media teams rarely have the proper tools or policies in place. Passwords to company accounts–which may be followed by thousands, even millions, of users–are routinely handed out to entry-level employees. Meanwhile, social media messages are posted without any fixed workflow or approval system.

It’s worth noting here that the Twitter and Facebook followings at large consumer brands can exceed the population of small-to-mid-size countries (Organic grocer Whole Foods has more than 3 million Twitter followers; Coca-Cola has nearly 59 million Facebook fans). Delegating that kind of authority to junior employees–with few or no checks or balances in place–can amount to courting disaster. HMV’s rogue tweeter, Cleere, pointed out as much. “I hoped that today’s actions would finally show them [senior management] the true power and importance of Social Media,” she explained afterward on her own Twitter account, @poppy_powers, “and I hope they’re finally listening.”

Wake-up Call

So, for companies who suddenly are listening–and concerned–what now? Getting rid of social media altogether is hardly an option. I work with 79 of the world’s Fortune 100 companies and none of them are prepared to give up the competitive advantage of social media; even conservative financial institutions like Goldman Sachs now tweet to their clientele. Instead, the key is to mitigate social media risks in the office. And the right technology can play a big role. Here’s a look at simple steps to avert an HMV-scale social-media disaster:

  • Centralize social media channels: Audits of large enterprises like HMV routinely turn up dozens of ad hoc social media accounts, started by interns or community managers in multiple departments (often without official permission), each with their own managers, passwords and followings. A critical first step is consolidating these accounts into a single social media management system. These tools bring all social channels–Twitter, Facebook, LinkedIn, etc.–into one interface for easy monitoring and oversight. They also allow for better tracking the results of social media campaigns. Had HMV’s social channels been centrally monitored, the offending tweets may never have had a chance to go viral.

  • Control access through limited permissions: As HMV’s Twitter crisis makes clear, letting employees have all-access passes to a company’s social media accounts carries big risks. A safer solution is to give junior employees limited permission to draft messages, which can then be fed into an approval queue for senior management to sign off on before publishing. As little as a year ago, it was nearly impossible to find a social media management tool with this critical feature. My team built one, enabling companies to assign discrete permission levels on an employee-by-employee basis. This simple functionality could have averted disaster for HMV.

  • Get a handle on passwords: Equally critical is having a master switch for turning on and off employees’ access to different social-media accounts. Case in point: While HMV’s marketing manager struggled to “shut down” Twitter, a half-dozen additional incriminating tweets were fired out. The solution: single sign-on technology. Incorporated into enterprise-grade social media tools, single sign-on enables employees to log into social media accounts with the same username and password used for their company email account. Access can be turned on or off by a central administrator, who holds the real “keys” to the company’s social profiles.

Attitude Shift


Of course, technology is only as good as the people using it. Employees are in desperate need of social media training: on everything from the nuts and bolts of tweeting and posting to how to leverage social media for business strategy. And, more often than not, resistance still comes from the top–senior executives who think Twitter is just a distraction for sharing snapshots of lunch, not a tool for courting clients and building the customer base.

As HMV’s rogue tweeter–who began the company’s social media initiative as an intern just two years ago–points out, awareness remains half the battle. “Since my internship started, I worked tirelessly to educate the business of the importance of Social Media–not as a short-term commercial tool, but as a tool to build and strengthen the customer relationship, and to gain invaluable real-time feedback from the consumers that have kept us going for over 91 years,” Cleere tweeted from her personal account. “While many colleagues understood and supported this, it was the more senior members of staff who never seemed to grasp its importance.”

Chances are, they do now–at least the ones who still have jobs after last week’s social media meltdown.

Ryan Holmes (@invoker) is the CEO of HootSuite, a social media management system with nearly five million users, including 79 of the Fortune 100 companies.

[Image: Flickr user Vanlal Tochhawng]

About the author

Ryan Holmes is the CEO of Hootsuite, a social media management system with more than 10 million users. A college dropout, he started a paintball company and pizza restaurant before founding Invoke Media, the company that developed Hootsuite in 2009. Today, Holmes is an authority on the social business revolution, quoted in The New York Times and Wall Street Journal and called upon to speak at TEDx and SXSW Interactive Conferences