Control of corporate Twitter accounts, and #hmvXFactorFiring

by Laurie Anstis on February 1, 2013

HMV were in the news yesterday for the wrong reasons, when the individual or individuals with access to their official Twitter account (@hmvtweets) caused an internet sensation by using the account to let the world know what they felt about being dismissed. A series of angry tweets ended with:

“Just overheard our Marketing Director (he’s staying folks) ask ‘How do I shut down Twitter’”

This is something that anyone who has corporate responsibility for a Twitter account needs to know, and something that weighed on my mind when I managed the accounts for my firm – just how do you shut down Twitter? If you trust others to post to your Twitter account, what are you going to do if they post things you don’t want to be posted? Even more importantly, how do you make sure that they don’t just walk away with control of a Twitter account that you may have put a lot of time and effort into building up?

The first thing you need to know is that anyone who has access to either the password or the email account associated with the Twitter account has complete control of that account.

With the password, they can change any setting on the account, including the password and the email address associated with the account. This gives them the power to lock anyone else out of the account and make any changes they want. If they quit and join a rival firm, they have the ability to take your account with them. Short of legal threats, applications to court or appeals to Twitter itself, there is nothing you can do about it.

If they have access to the email account associated with the Twitter account, then they can simply request a password reset and thereby gain complete control of the account.

The offending HMV tweets have all been deleted now, but the tweets immediately before them are shown as having been posted directly from the Twitter website, which suggests that the employees had full access to the accounts and their settings. If they had been really determined to cause trouble, this could have been much worse for HMV.

So what’s the alternative?

The key thing is to make sure that all posting to the Twitter accounts by employees is done indirectly.

Don’t allow employees direct access to the Twitter accounts or to post directly from the Twitter webpage. Instead, use the likes of Hootsuite and Tweetdeck. Each employee with access to the Twitter accounts can have their own individual Hootsuite or Tweetdeck account, which can then be authorised to access a Twitter account. With this indirect access, employees are still free to post to Twitter, but no employee has the Twitter password or access to the email address associated with the individual Twitter account, both of which can then be kept under central control.

Doing things this way won’t prevent rogue tweets, but it does give an answer to the question “how do you turn off Twitter”. If there are problems, the person with central access to the Twitter account can simply log in to Twitter and revoke Hootsuite or Tweetdeck’s access to those accounts. That will immediately cut off any one individual’s ability to post to the account. More importantly, it will also mean that rogue employees have no power to gain complete control of the account and walk away with it.

Kevin Poulter gives his perspective on the situation here.


If you take 60 people into a room and tell them all at once they’re fired, you deserve to get flamed on Twitter. It shouldn’t be about not getting into this situation in the first place not what to do when you do. The lack of mediation and empathy HR professionals show is disheartening.

by jon on 1 February 2013 at 12:48 pm. #

The advice for using a Twitter client such as Hootsuite or Tweetdeck is sound and one I’d advocate. The thing to be mindful of is that some I.T. systems prevent using applications like this, and as such you may be stuck with using the main site.

I understand you’re dealing with the practical side of how to manage usage of official accounts on social networks by staff. There is something more which I think needs to be considered too.

There is something here about the culture of the organisation you’re working in and how they use social media (if at all). There is also something here about how much you trust the staff you’re asking to use the official accounts. If you trust them, you also accept they need support and education in how the accounts should be used.

In the case of HMV, they clearly didn’t consider that something like this could occur. As such I’d add another level of practicality. If you’re going to make an announcement which you suspect may cause unrest, then ensure you change the passwords to the accounts, so that things like this can’t happen. That way, if people choose to say things through social media, they’re only doing it on their personal accounts.

by Sukh Pabial on 1 February 2013 at 4:02 pm. #