- Third-party apps you sign up for with your Twitter account might be able to read your messages and send tweets without your knowledge.
- This could also leave your account vulnerable to hackers.
- Here’s how to check which apps and services have been given permissions to your account — and how to remove them.
If you checked Twitter on Wednesday morning, you might have been surprised to see the BBC and Amnesty International tweeting enthusiastically about Nazis, along with dozens of other high-profile accounts.
The reason for it is an apparent hack — but it’s not Twitter itself that was compromised. Instead, a third-party analytics tool called Twitter Counter was seemingly breached, and it was used to send tweets through the users’ accounts.
The incident highlights the risks that come with linking your account to third-party applications and sites. You can use a strong password and secure your account, but if an app you signed up for with your Twitter account is hacked, your data could still be in danger.
Thankfully, Twitter makes it simple to see who you’ve given permissions to — and to revoke them with the click of a button. To find out, head on over to Settings and select the Apps section.
Once there, you’ll see a page looking a lot like this. (This page doesn’t seem to be available in the mobile app, so you’ll have to boot up the desktop site to see it.)
It shows all the apps that have access to your account, and what kind of access they have. For example, I’ve signed up to news aggregation service Digg using my Twitter account. Its permissions are read-only — meaning it can see my info and tweets, but it can’t send any tweets or messages. So there’s no immediate threat there.
But Bio is Changed (an app that tracks when Twitter users change their bios) can both read and write. This means it can theoretically send tweets from my account. Most apps and services won’t do so without your explicit permission (for example, if I wanted to tweet out a link using RSS feed reader Feedly). But if it got hacked, there’s nothing to stop it from sending rogue tweets.
The third type of permission to note is read, write, and direct messages, which is what Twitter for Android has in the list above. This means the app can not only access your profile and send tweets on your behalf, but can also read your direct messages.
In the case of the official Twitter for Android app, this isn’t a problem. It needs it to function properly. But if a random third-party app is asking for this for no good reason, that’s not a good sign, and could put your private data at risk.
It’s good practice to periodically check what apps you’ve given permissions to — and to kick out any that you’re not using. Bio is Changed, for example, has now shut down, so there’s no good reason for me to allow it continued access to my account. With a click of the Revoke access button, it’s gone.
Twitter doesn’t need to be hacked for your account to be in danger. So check what apps and services you’ve signed up to — or next time, you could be the one tweeting about Nazis.