How hackers can get into your accounts without the password
On Wednesday morning, high-profile Twitter accounts were hacked and then flooded with swastika-laden propaganda.
Twitter accounts such as Duke University, Forbes and Amnesty International were victims of this latest online scandal.
These accounts are most likely protected by high security measures including two-factor authentication and strong protections. Although these measures are important, hackers have found a way to bypass them.
Hackers are now using app permissions to infiltrate online accounts. App permissions involve logging into an app or service by using one of your key social accounts, such as your Google, Facebook or Twitter account. This feature means you have fewer passwords to worry about, and it is sometimes necessary for apps to work with other accounts, but it also presents security issues.
This recent hack was caused by an app called “Twitter Counter”. This app provides analytics for Twitter accounts, and it requests permission not only to see your data but also to tweet. This feature could prove helpful if you want to send out tweets from inside the app, but it is how these high-profile accounts were compromised.
Apps that have permissions are generally limited in the access they have over your account. In most cases, they don’t have the ability to change your password, and they never get your real password. Your main account just gives them a generated credential when you use that account to sign up. Although you still have control over your password and can regain control of your account, once an account has been infiltrated, the world has already seen the information the hacker has posted on your profile.
The solution
Take a look at which apps have access to the accounts you use online. Revoke as many permissions as you can and make a practice of checking them regularly.
On Twitter, click on your avatar at the top right, next to the “Tweet” button, and then press Settings and privacy. In the list on the left side, select Apps; you can then scroll through and revoke access for any apps that don’t need to be linked to your Twitter account.
On your Google account, conduct a Security Check-up, which will automatically run through your app permissions. Then revoke access for the apps that have permission to use your account.
On your Facebook account, click on the question mark menu on the left side of your notifications icon and select Privacy. On the left-hand side select Apps and then press Show All at the bottom of the box that is marked with Logged in with Facebook. Get rid of any apps that you don’t need on the list.