Keeping Twitter secure: connect applications with care

Someone is saying bad things about you.

They aren’t of course. But if you’ve received a direct message like this via Twitter it means that someone in your network has had their account compromised.

Similar rogue direct messages include ‘Someone is saying bad stuff about you’ and ‘Read this yet? horrible blog going around about you’.

The malicious messages and their dodgy links typically direct you to websites containing trojans, viruses and other web nasties likely to hijack your computer, or worse.

Common sense should apply. Never click the link, and alert the individual who appears to have sent the message so that they can secure their Twitter account.

I received a dodgy direct message from one of my daughters this weekend. Equally, I’ve received rogue messages in the past 18 months from friends and colleagues.

Attacks like this happen because Twitter users allow third-party applications access to their accounts. Less scrupulous applications hijack accounts to send rogue messages.

When you allow an application access to your Twitter account you grant it access to your network and permission to read, write and often send direct messages on your behalf.

If you suffer a direct message attack here’s what you should do:

  1. Head to Twitter.com and check the list of applications (settings > applications) that are connected to your account. In particular look for applications that can send direct messages on your behalf.
  2. Revoke access for all applications apart from those that you completely trust. Only Twitter clients such as Echofon, Twitter for Android or iPad, Sprout Social, or Tweetbot should need permission to send direct messages on your behalf.
  3. Delete any dodgy direct messages that have been sent via your account.
  4. Change your Twitter password.

The best protection is to be vigilant when you allow an application access to your Twitter account and to check what permissions you are granting.

If this issue persists it is likely to knock the social network’s reputation. In time Twitter may need to lock down its API and introduce an authentication process for applications that need access to send direct messages.


Stephen Waddington

Chief Engagement Officer, Ketchum. Visiting Professor in Practice, University of Newcastle. Past President, CIPR. Author #BrandVandals, Brand Anarchy, Chartered Public Relations, Share This and Share This Too.