Byte-size Bulletins

Who is Tweeting as if they were you?

Written by Simon Heath | Jun 16, 2021

Carl Pei’s Twitter account was compromised at the end of May. A Tweet was injected into his feed, pretending the entrepreneur was offering investment in a new venture. It asked people to send cryptocurrency to a wallet.

Carl posted a Tweet letting people know it was a scam and telling them not to send currency.

He confirmed access was gained via his IFTTT (If This Then That) account. IFTTT is an application that connects to Twitter and other apps to automatically perform tasks based on criteria you set. It’s a useful and powerful platform.

His compromised IFTTT account allowed the hackers to inject their Tweet into his account. Subsequently, Carl deleted all third-party apps connected to Twitter.

It’s pretty common for social media accounts to link to other apps or be controlled by other people, such as marketers and developers. As you grant permissions, adopt a security-first mindset and consider the risks and the weakest link along the chain of access you are allowing. In addition, set a reminder to audit your accounts at a later date. Regular audits give us a chance to review and revise redundant permissions and security settings that need adjusting.

If you want to check which apps have access to your Twitter account, view this Byte-size Bulletin on revoking permissions.

Thanks to Ravi Sharma at Unsplash for the image.