The Hawthorne Effect

Update: I assumed when I wrote this post that the group that hacked into the page did so through some vulnerability within Facebook. That assumption was incorrect. Instead, it seems access was attained by clues and publicly available data found on the internet left by one of the page administrators.

Last night, sometime around 8:30pm last night, Pfizer had its Facebook account hacked by a group called ‘The Script Kiddies.’ The group, much like LulzSec and Anonymous before it, is made up of hackers who inflict their own form of retribution (or what they would term as justice) on organizations they disapprove of by breaking through various layers of online security to post images and messages on cooperate owned sites. In this case, Pfizer’s Facebook page.

In an interview with the website studentactivistdiary.co.uk, the group claims that “[Pfizer is] guilty of killing people through harmful drugs and clinical tests. […] We plan to achieve awareness mostly; awareness that the security online is an allusion and also that Pfizer’s crimes are intolerable and we will not deal with them. We will stand up and say, hey, this isn’t right. We will take a stand. Some say that our methods are extreme, but they have to be to achieve our goals. Pfizer is a corrupt giant, so we attacked them. Simple as that.”

Despite several claims of “not being an expert” the representative from ‘The Script Kiddies” felt their actions justified and the results went live for all to see. Pfizer removed the posts and locked it’s Facebook page down shortly after the attack.

Whether or not you believe this kind of armchair activism is justified or not is a debate I will leave for another day. From the vantage point of communications, an attack like this does raise several important questions. Were Pfizer’s security protocols to blame or was Facebook the problem? Will this attack set Pharma’s efforts in social media back? Should Pfizer respond? And if so, how?

If the people managing the Pfizer page were using strong passwords or continuously updating the log-in credentials I can’t say, but one very important issue should not be glossed over here…

Pfizer wan’t hacked, Facebook was.

Yes, these hackers took over the Pfizer page, but that page is housed on Facebook’s servers, and Pfizer can only make the page as secure as Facebook’s user interface will allow. Unfortunate as it was for Pfizer, I’m not sure how much more security could have been applied. The hackers in question may crow all they like about how they supposedly beat Pfizer, but Facebook needs to step up here. Also interesting to note, if these hackers really wanted to put on a show, why not hack the Pfizer.com site instead of the Facebook page? It probably gets far more traffic and therefore would garner far more attention.

This wasn’t a social media problem, it was a technological one, and is one that’s potentially fixable. If a group like this wants to hack your sites, they will find a way to do so, if not on Facebook than somewhere else for sure.

Given the tenuous position it has in social media, its easy to see how those who think pharma should leave social media alone will use this as an opportunity to say “see I told you so.” The truth of the matter is that, like it or not, these types of attacks will continue to happen. And, like with any other media channel, unless it is comfortable, active, and engaged in the space, pharma’s responses to issues like this will continue to be flat-footed and painfully slow.

So what should Pfizer do? I’m a firm believer that you don’t negotiate with terrorists, and that responding directly to an attack like this will bring attention to the hackers, and in all likelihood, provoke more attacks.

What Pfizer shouldn’t do is retreat.

Social media represents a powerful way to create understanding and deepen awareness of issues most likely to affect or benefit users. Pfizer has the opportunity here to lead the way, whether it’s bringing better transparency to its clinical trials and safety programs or by providing customers who are having legitimate issues or have questions about their products answers and support. Leveraging social media to provide help and support will go a long way towards improving the perception of your brand, but it must be done carefully, authentically and with your audience needs in mind.

But make no mistake. There will always be detractors. There will always be haters. Hiding from them won’t make them go away.

Prescient thoughts from Mike Elgan from 2009 with the launch of Google Latitude. (ed note. Remember Latitude? Buzz? Lively? Wave? Think about that while ‘gurus’ call Google+ a Facebook killer).

“But in order to get there, Google needs you to change. They need you to drop your resistance to being listened to, tracked and monitored at all times. They want you to be the best product you can possibly be. Google’s customers will love you.” Link

With all the hoopla about new Google products, they fail as often as they succeed. People also lose sight of the fact that “open” translates, in Google’s terms, to “being allowed to sell your behavioral data for money.”