Who is Tweeting as if they were you?

Byte-size Bulletin by Simon Heath in Security, News on Jun 16, 2021


Carl Pei’s Twitter account was compromised at the end of May. A Tweet was injected into his feed, pretending the entrepreneur was offering investment in a new venture. It asked people to send cryptocurrency to a wallet.

Carl posted a Tweet letting people know it was a scam and telling them not to send currency.

He confirmed access was gained via his IFTTT (If This Then That) account. IFTTT is an application that connects to Twitter and other apps to automatically perform tasks based on criteria you set. It’s a useful and powerful platform.

His compromised IFTTT account allowed the hackers to inject their Tweet into his account. Subsequently, Carl deleted all third-party apps connected to Twitter.

It’s pretty common for social media accounts to link to other apps or be controlled by other people, such as marketers and developers. As you grant permissions, adopt a security-first mindset and consider the risks, and the weakest link, along the chain of access you are allowing. In addition, set a reminder to audit your accounts at a later date. Regular audits give us a chance to review and revise redundant permissions and security settings that need adjusting.

If you want to check which apps have access to your Twitter account, view this Byte-size Bulletin on revoking permissions.

 

Thanks to Ravi Sharma at Unsplash for the image.
