Who tweets for you? You’d be surprised!

Are you the only person who can tweet on your twitter account?  The answer is probably “no”.

As I checked Twitter this morning, I found a number of tweets from a friend that related to Miracle Berry product. Amazing Weight Loss products have nothing to do with her business.  I sent her the following:

Hi, xxxxx.
There are a couple of posts from you on twitter that point to sites that are inconsistent with your normal tweeting pattern.
Please login to Twitter ASAP to see if these are yours. If not, you can delete the tweets and change your twitter password.  Also, go to your Twitter account settings and see which applications have authority to post tweets through your account. Disable any that you don’t recognize or don’t currently use.  Link is https://twitter.com/settings/applications
Well, that’s probably good advice for me, too. I checked my applications page and found that over the last year or so, I’ve given over 25 applications and services the right to post tweets on my behalf.  In that fine print we all ignore when clicking on the “login with Twitter” button on various web sites, we often grant applications and web sites the right to post items to our twitter feed. It’s a good idea to take a few minutes now, review the list, and revoke permissions for those you’re not currently using or don’t recognize.
How did my friend’s account get compromised? We’ll probably never know.  It could be a rogue application or a non-SSL login on an open WiFi access point. It could also be a password she uses on multiple websites and services, where one was either hacked or was a designed as a password collector.
The key takeways are to keep an eye on your tweets, change your password from time to time, never re-use a password, and review the applications allowed to post on your behalf.
To whom have you given the keys to your Twitter and Facebook feeds?