Hackers of Associated Press's Twitter account sent Dow Jones into downward spin after tweet claimed explosions at White House injured President Obama.
A tweet sent from AP's Twitter account claiming: "Breaking: Two Explosions in the White House and Barack Obama is injured" sent share prices on Dow Jones tumbling.
The fake post was retweeted more than 5,000 times within minutes, knocking the Dow Jones down from 14,703 to 14,554. Prices recovered quickly after it emerged that the tweet was fake and that AP had suspended the hacked account.
In a statement on its Facebook page, the AP said: "Hackers have compromised the main Twitter account of The Associated Press, sending out erroneous tweets about an attack on the White House.
"The tweet...came after hackers made repeated attempts to steal the passwords of AP journalists. The AP said Tuesday [23 April] that its Twitter account had been suspended following a hack and said it was working to correct the issues."
In recent days the AP discovered malware had infected some of its computers, according to a spokesperson speaking to the New York Times, and just an hour before the Twitter account was compromised AP reporters were subject to phishing emails.
Mike Baker, a reporter for the news organisation, tweeted minutes after the hack that it came "less than an hour after some of us received an impressively disguised phishing email."
Journalists and media commentators soon flocked to Twitter to point out how a simple change in the social network's security could prevent such hacks from happening again.
Neal Mann, social media editor at the Wall Street Journal, tweeted: "Twitter needs to sort its act out, bring in secondary verification for all verified accounts, not hard - job done."
Mann added: "Twitter needs to sort a secondary verification system and news orgs need to stop using breakingnews1234 as passwords."
A Twitter account can be logged into from any browser or smartphone in the world, providing you have the correct username (or email address) and password. If Twitter implemented two-step verification, as Apple, Google, Facebook and others have done recently, then logging in from an unknown device would not be possible.
Two-step verification prevents anyone from logging into an account from a device that is not already recognised and trusted by the service. For example, logging into Facebook from a brand new smartphone or computer is impossible with just the username or email address and password.
Instead, Facebook sends a randomly generated code to the account holder's mobile phone via a text message. Without this code, a would-be hacker cannot gain access to the account.
It is a simple solution and one which Twitter has been often criticised for not having, despite high-profile account hacks in recent months including Burger King, Jeep, and now AP.
Twitter suspended the AP account five minutes after the false tweet was sent, and AP's various other accounts tweeted to confirm the account was being controlled by hackers.
AP's Stylebook account tweeted: "The @AP Twitter account has been suspended after it was hacked. The tweet about an attack on the White House was false."