- Your Twitter account can be exploited without your username, password
- Third-party app authentication is used by malicious tools to spread spam
- Never give access to any third-party app you don’t trust
There have been several high-profile Twitter hacks in recent times. That’s not something that most of us need to worry about though – very few are actually prominent enough to be targeted in attacks like these.
On the other hand, most of us are guilty of being careless when it comes to granting apps access to our services – if you come across an app that promises cool features, or says it will give you followers, you might be tempted to give it access to your Twitter account, which is rather like handing over the keys to your house to someone.
Sure, giving a trusted and well-known app such as Tweetbot or Fenix, or a service such as Buffer, access to your account is fine. But at other times, it’s just inviting trouble, as Twitter authorisation can allow the third party to read your tweets, and also post tweets on your behalf. If you’re trusting enough to fall for the wrong app, then you can quickly see the potential for malice, as we discovered recently. Quite a few people we know have recently been affected by an app that promises to help you gain free followers – authorising freeaddme.us leads to spam DMs being sent to all your followers, while your account will also start following hundreds of others. That’s probably how the follower count gets added, but of course, it’s probably not what you had in mind when signing up for this.
If you’ve been careless and gotten affected by freeaddme.us or any other malicious third party Twitter app, follow these steps immediately.
How to revoke access to third party apps that can access your Twitter account
- Using a computer, log in to the Twitter.com website
- Click on your Profile Photo on the top right hand corner
- Click Settings
- Go to ‘Apps’ from the menu on the left side
- Here, click ‘Revoke Access’ for any fishy-sounding apps, or any app that you are not currently using
This should prevent the malicious app from causing any further harm. It’s also worth pointing out that some of the prior high-profile hacks were due to people authorising old apps for Twitter access at some point, and then forgetting about them. It is critical that you keep revoking access to apps that you don’t use from Twitter’s settings on a regular basis.
Next, just to be on the safe side, change your password too, by going to ‘Password’ in the menu on the left.
For added security, we also recommend you enable two-factor authentication for your Twitter account. To enable this, go to Security and Privacy. Here you can either choose verification via a push notification, which basically uses the official Twitter app you have on your phone to allow logins from other devices. Otherwise, you can set up a code-generator app like Authy or Google Authenticator to generate a six-digit code that changes every 30 seconds. After trying to log in from another machine, you’ll need to punch in the code too (which will be seen only on the devices you set up), to proceed.
We hope that this tutorial helps you keep your Twitter away from the many malicious tools present on the Internet. If you have any more tips, let us know via the comments below.