Twitter Exploit – Logging Into Outside Sites With Your Twitter Account Exposes You

For those of us that like to tweet all day but sometimes like to contribute to a third party website the ease of loggin using your twitter account is somewhat attractive.  Many sites use this feature just to verify you for commenting but any site can provide this connectivity between your accounts and provide more functionality.

The problem is when you authorize a third party to insert their connectoid into your twitter account … this connection can actually be exploited to allow the third party site access to your direct messages and most likely other parts of your account.

Having used this function with USTREAM many times so I can shout at live concerts or other events with my twitter account  I am always paranoid and endup going into my account right after and breaking the connection with UStream.

Even though I can be pretty assured that being one of 50,000 people connecting to a UStream concert that they won’t be exploiting my account … mostly because I am boring there are millions of sites that can make use of your connections.

Gary-Adam Shannon a writer for searchenginewatch.com showed a proof of concept when he hacked a WordPress plugin that allows the connection between your twitter account and a wordpress blog…

Now WordPress is used by millions of websites… including FoxNews, CNN and many more.  Like the connection with UStream you can probably expect your account is reasonably safe when you make connections to large companies like this but you never really know… and smaller sites well they can be just as honest or not.

The fact is if you don’t trust the site enough to release this information to them then you probably shouldn’t be allowing them to authenticate you through twitter.

And come on people don’t keep private info in a site like twitter… Make a Twitter Specific email account that you only use for twitter.. never send passwords and delete your direct messages if you dont have a reason to keep them…

No one really expects to be exploited and sometimes we leave our guard down either by being lazy or unknowing…

I think this time its a little of both.

So be careful out there..