All you need to do is perform a Google search for terms like “twitter tool” or “twitter apps” to find a multitude of different ways people are molding and shaping Twitter into whatever they want it to be. This is, in part, due to its very open API standards.

Here is the problem that I am seeing. In order for developers to perform the “really cool” stuff with the API, they need to authenticate against the Twitter servers. In order to do that, they ask you for your username and password so that they can pass it on to the Twitter servers!

Let me be very clear here. This is providing these people, whoever they may be, with complete and unfettered access to your Twitter account! This means not only can they do all those cool whizbang things that they promise you they can do, they can also:

  • impersonate you
  • submit tweets to your account
  • start sending Twitter spam from your account
  • lock you out of your account
  • vandalize your account

Not only is this type of information being made available to the developers of these tools, many of these sites are not very secure. It is not uncommon for them to have no SSL security at all, so your username and password are transmitted over the Internet in clear text where anyone with a sniffer can get access to them!

I know that some of this may sound paranoid, but with the first Twitter lawsuit being filed last month, it is important that you be very careful with this information. Not to mention, Twitter accounts are becoming a valuable commodity that needs to be protected just like you protect the PIN number to your bank account or the password to your e-mail account. You wouldn’t give them out, so why would you give out your Twitter password?

Here are some tips to help you keep your Twitter account safe:

  1. Make sure that all the online Twitter apps that you use are SSL encrypted
  2. If you do decide that you are willing to submit your password online, read the terms of service to ensure that the password is never stored anywhere on their servers and that the communication between their servers and the Twitter servers is encrypted
  3. Change your Twitter password frequently
  4. Try to use Twitter tools that are desktop, not web, based as much as possible
  5. Monitor your tweets and make sure that they are your tweets
  6. Create a unique icon so that it is easy to find among all the other tweeters
  7. If your account is compromised, report it to Twitter immediately
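
One way to carry out the SSL check from tip 1 on a saved copy of a tool's login page, as an added example that is not part of the original post: it finds every form that asks for a password and reports whether the page or the form's submit URL is unencrypted. The `tool.example.com` URLs and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScanner(HTMLParser):
    """Collects each <form> and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []    # finished forms: {"action", "has_password"}
        self.open = None   # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.open = {"action": attrs.get("action") or "", "has_password": False}
        elif tag == "input" and self.open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.open["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.open is not None:
            self.forms.append(self.open)
            self.open = None

def audit_login_forms(page_url, html):
    """Return (submit_url, problems) for every form that asks for a password."""
    scanner = FormScanner()
    scanner.feed(html)
    scanner.close()
    # A form whose closing tag is missing is still a form the browser submits.
    forms = scanner.forms + ([scanner.open] if scanner.open else [])
    results = []
    for form in forms:
        if not form["has_password"]:
            continue
        # An empty or relative action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        problems = []
        if urlparse(page_url).scheme != "https":
            problems.append("page served without SSL")
        if urlparse(target).scheme != "https":
            problems.append("password submitted without SSL")
        results.append((target, problems))
    return results

# Constructed sample pages (hypothetical tool, not a real site).
SAMPLE_RELATIVE = '<form action="/login"><input name="u"><input type="password" name="p"></form>'
SAMPLE_MIXED = '<form action="http://tool.example.com/auth"><input type=password name=p>'

if __name__ == "__main__":
    print(audit_login_forms("http://tool.example.com/", SAMPLE_RELATIVE))
    print(audit_login_forms("https://tool.example.com/", SAMPLE_MIXED))
```

An empty problem list only means the password is encrypted in transit; the site still receives it, so tip 2 continues to apply.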