I’ve just received one of those “Hey, I just added you to my Mafia family. You should accept my…” crap-spam-junk invitations on Twitter. Normally these come from accounts I don’t recognize, and I either ignore or block them. But this time it came from a gray-haired, well-respected industry analyst – I just could not imagine him getting involved. When I contacted him he told me he himself had received 75 Mafia invitations – but the fact that I received one in his name suggests his account got compromised.
He had already changed his Twitter password, yet the hijackers kept on using his account. That reminded me to share this: changing your password is no longer sufficient to regain control. I don’t pretend to be a security expert (we have a few of those here @ CloudAve), but here is the gist: more and more Twitter apps are “doing the right thing” and use OAuth instead of asking for your password. With OAuth you authorize an app once and Twitter hands it an access token of its own; that token is a separate credential, so it stays valid after a password change – and so does anything a hijacker authorized while he had your account. So here’s what you should do: go to http://twitter.com/account/connections and check out all the applications listed there.
You may be surprised… the stupid lil’ thing you checked out and decided you didn’t like after 5 minutes still sits there, fully authorized. So do yourself a favor and prune the list. Whatever you don’t recognize, or no longer want, click “revoke access” – it’s that simple.
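To make the mechanics concrete, here is a toy model I’ve added for this post. It is not Twitter’s code or API, and the app names and validation policies in it are constructed. It shows why a password change alone leaves every OAuth grant working, what the “revoke access” button does to the list you see on the connections page, and, going beyond what the post describes, one stricter policy a service could adopt: tie each grant to the password “generation” it was issued under, so a password change also kills pre-existing grants.

```python
"""Toy model of OAuth grants surviving a password change.

Added illustration, not Twitter's code. An Account holds a password and a set
of grants (one opaque bearer token per authorized app). The naive check, the
behaviour described in the post, only asks whether the token exists; the
hardened check also requires that the password has not changed since the grant
was issued.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Grant:
    app: str          # application the user authorized (constructed names below)
    token: str        # opaque bearer token handed to the app
    generation: int   # password generation the grant was issued under


@dataclass
class Account:
    password: str                  # plaintext only because this is a toy model
    generation: int = 0            # incremented on every password change
    grants: dict = field(default_factory=dict)   # token -> Grant

    def authorize(self, app: str) -> str:
        """OAuth-style consent: mint a token for `app`; it is unrelated to the password."""
        token = secrets.token_urlsafe(24)
        self.grants[token] = Grant(app, token, self.generation)
        return token

    def change_password(self, new_password: str) -> None:
        """Password change: note that no grant is touched here."""
        self.password = new_password
        self.generation += 1

    def revoke(self, app: str) -> int:
        """The 'revoke access' button: drop every grant held by `app`."""
        doomed = [t for t, g in self.grants.items() if g.app == app]
        for t in doomed:
            del self.grants[t]
        return len(doomed)

    def token_valid_naive(self, token: str) -> bool:
        """The token exists, so it works, however many password changes ago it was issued."""
        return token in self.grants

    def token_valid_hardened(self, token: str) -> bool:
        """Hypothetical stricter policy: a grant dies with the password generation it came from."""
        g = self.grants.get(token)
        return g is not None and g.generation == self.generation

    def connections(self) -> list:
        """What the connections page shows: the distinct apps still authorized."""
        return sorted({g.app for g in self.grants.values()})


def demo() -> dict:
    """Walk through the scenario in the post and report what each check says."""
    acct = Account(password="correct horse")
    t_game = acct.authorize("mobster-game")          # the grant a hijacker left behind
    t_tool = acct.authorize("tweet-scheduler")       # a legitimate app the owner wants to keep

    acct.change_password("battery staple")           # step 1: the owner changes the password
    result = {
        "naive_after_pw_change": acct.token_valid_naive(t_game),        # still True
        "hardened_after_pw_change": acct.token_valid_hardened(t_game),  # False
        "connections_before_prune": acct.connections(),
    }

    acct.revoke("mobster-game")                      # step 2: prune the connections list
    result["naive_after_revoke"] = acct.token_valid_naive(t_game)       # now False
    result["other_app_still_valid"] = acct.token_valid_naive(t_tool)    # untouched
    result["connections_after_prune"] = acct.connections()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the two checks side by side: under the naive policy the only thing that removes a hijacker’s grant is the explicit revoke, which is exactly why pruning the connections page is the step that regains control. Whether a real service should tie grants to password changes is a trade-off (every legitimate app would need re-authorizing too), which is why the post tells you to prune manually rather than assume the service does it for you.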
(Note: The image above does not depict “bad guys”. It’s a screenshot of my account, and I don’t have any – or so I hope.)