Forget accidently hitting ‘reply all’ to an email, tweeting a personal message to all of your followers instead of sending a direct message, or posting a ‘what were you thinking’ photo.  Sure, a lack of good social media judgment can create a dire reputation management situation for both individuals and for companies.  Social media missteps are frequently embarrassing, and can also lead to serious professional, business and financial repercussions.  But a new, somewhat alarming trend is beginning to emerge that should make any company engaged in social media activities wake up and take notice. 

There’s a growing rash of companies getting targeted by social media ‘decepticons’¹, which are often disguised an innocent-enough looking message, tweet, or customer inquiry.  When these ‘decepticons’ are acknowledged, and frequently replied to and/or forwarded, they transform themselves into something sinister that often can cause enormous damage to a company’s reputation, harm its ability to protect its intellectual property, create the need for a legal response, and, ultimately, even cause financial loss.

Meet Kevin Butler, VP of Platform Hacking

Think it couldn’t happen to your company or agency?  Sony Computer Entertainment America, as part of their ‘It Only Does Everything’ advertising campaign for the PlayStation 3 in North America, utilizes a fictitious executive named ‘Kevin Butler’ in its advertising and social media promotion.  (According to Wikipedia, Kevin Butler is portrayed by actor Jerry Lambert.  Adweek magazine also reports that the character was created by Deutsch/LA, the advertising agency responsible for the campaign.  Deutsch/LA also manages Kevin Butler's Twitter account and wrote his E3 2010 speech.)

The affable Mr. Butler has starred in a series of popular, often-witty TV commercials to promote the PS3, and has amassed over 70,000 followers on Twitter (@TheKevinButler).  There appears to be no official Kevin Butler page on Facebook, but one unofficial page (‘Kevin Butler from Sony's Ad Campaigns’) has over 9,000 people who like it.

Although it’s conventional wisdom that ‘@TheKevinButler’ Twitter feed is managed by the aforementioned outside agency, I’m not going to pass judgment on the events of February 9, 2011 and who/whom may have been directly responsible for the @TheKevinButler feed when a lack of social media oversight hit Sony back and hard.

You Sank My Battleship….

As reported by tech site Engadget, on Feb. 9, 2011, an innocent-enough looking tweet with what looked like map coordinates was posted via Kevin Butler's Twitter account.  The social media person (or persons) managing the Kevin Butler Twitter feed on Feb. 9 –  replied as Kevin, appearing to mistake the map coordinates for ‘Battleship’ shell firing numbers (G4??….hit!) for the toy ship game.  Mr. Butler actually joked "Lemme guess... you sank my Battleship?" and also copied the full original message (with the entire series of numbers) in his reply to the tweet. 

The tweet, in reality, was not Battleship coordinates as the unsuspecting person on Twitter feed duty suspected.  It was actually a ‘private key’ code that unlocked the Sony PS3 (these keys are also known by the more popular term “jailbreak code”, which is hacker-speak for a method to unlock a proprietary/non-open system, platform, device or software).  In this case, the PS3 jailbreak code allows users to modify the gaming system to run customized, home-grown, pirated and other unofficial software that really irritates Sony and its army of IP/DRM lawyers (and rightfully so). 

So, by retweeting the Kevin Butler ‘Battleship’ message, the jailbreak code unlocking the Sony PS3 was unwittingly sent to the entire world.  Of course, the tweet was later deleted from the @TheKevinButler Twitter account.  (Also according to published reports, the ‘Battleship’ tweet was sent in reply to another user who also tweeted the code to @TheKevinButler in an attempt to mock Sony's threat that they'd prosecute anyone who posts the PlayStation 3 private key, a threat which Sony has made good on…keep reading.)

Put Me in Leg Irons, But Don’t Touch My Controller

According to Wired.com, George Hotz, the serial hacker who originally unleashed this tsunami in January 2011 by releasing the PS3 jailbreak code, has now been dragged into federal court by Sony, and faces unspecified damages by possibly violating the Digital Millennium Copyright Act violations and other allegations.  Hotz is in the middle of what could be a long, punishing legal battle with Sony, and his money is running out.  Sony is also threatening to permanently block PlayStation 3 owners from the PlayStation Network for online gaming if Sony catches anyone using jail-broken consoles.“To avoid this, consumers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems,” Jeff Rubenstein, the company’s social-media manager, said in a blog post on a Sony Web site.

Granted, before the infamous ‘Battleship’ tweet, the key to the PS3 hack kingdom had already been widely spread all over the Internet by Hotz and others in the hack community, and the key wasn’t hard to find if you knew where to look.  But this social media faux pas of re-tweeting the code not only helped spread it on a massive, viral scale, but also brought tons of unwanted attention beyond the hack and modding world (for example, the Internet/media coverage of the Battleship tweet is how I first found out about the imbroglio, illustrating the only thing I know about hacking is how to approach a Titleist with a 3 wood out of the rough).

Social Media Program Management – Handle with Care

This true life, cautionary tale is prime example of the challenges of social media program management.  This also gets to the very root of why skilled, well-versed and multidisciplinary teams led by communications professionals need to be leading your social media effort.  Quite often, many of the social media operatives entrusted with monitoring and responding to customer engagements via social media channels won’t recognize or understand the true intention of a message or inquiry, let alone realize the repercussions of their actions.   Once unleashed, social media decipticons or other malicious content can create reputation and image repercussions for a company.  Also at risk is the potential public exposure of proprietary information, trade secrets and security vulnerabilities, all of which could, in turn, create real financial losses, require untold legal expenses, and may even drive down a public firm’s share price.

How is your company, business or clients ensuring they are practicing safe social media?  Do tell…

¹The real Decepticons® are the evil antagonists in the fictional universe of the Transformers®.  Decepticons® are disguised as harmless everyday machines, then turn into ferocious battle robots bent on destruction.  Decepticons® and “Transformers® are trademarks of Hasbro, Inc.