Earlier this week, many Twitter accounts started publishing unwanted messages.
The victims of this attack included quite famous Twitter accounts such as Graham Cluley, Amnesty International and many more…
After a few hours, it was communicated that one external tool (twittercounter) had been hacked, so the attacker had access to every account that had delegated access to this application.
Guess what, this tool needed write access to provide stats (reminds me of the many Android applications requesting to browse through your whole phone to turn on the flashlight…)
What you should keep in mind:
- always check the requested rights: should a stats tool request the ability to post in your name? (what is the point of having a strong front door if you lend the keys to anybody?)
- perform a regular review: if you don’t use an app, remove its rights
Personally, after every one of these security topics, I make a full review… your choice.