Don’t Hack Me Bro: Can You Trust Third Party Twitter Applications?
According to the Twitter Blog, there are more than fifty thousand registered applications on the Twitter platform. In fact, nearly 50% of tweets are sent through third-party applications, but can you trust them with your Twitter account?
As Twitter continues to gain momentum, it has found itself the target of hackers and phishing schemes. The most recent Twitter attack occurred on February 2nd. Due to a phishing attack, many Twitter users were locked out of their accounts and were forced to change their password. While Twitter hasn’t officially determined the source of the attack, they made it clear on TechCrunch that users should be wary of “get followers fast” schemes.
Only Trust Applications that use Twitter OAuth
Most Twitter applications are secure and are developed by companies that take user privacy and security seriously. However, not all Twitter applications are safe.
The simplest way to protect your Twitter account is to only register with Twitter applications that use Twitter OAuth. What is Twitter OAuth? According to Twitter’s Wiki, “OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password.” In plain English, OAuth is a way for you to give third party applications access to your Twitter account without giving them access to your login credentials.
NutshellMail is just one example of a secure Twitter application that uses Twitter OAuth. Here’s how it works: When you link your Twitter account to NutshellMail, a browser window will pop up where you are asked to allow NutshellMail to access and update your data on Twitter. It is important to note that when you enter your login credentials and grant access to NutshellMail, you are actually sending data to Twitter and not NutshellMail. Twitter will then send NutshellMail a token that enables it to access and update your account on your behalf. You can revoke this permission anytime without even visiting the NutshellMail website. In short, when you register through Twitter OAuth, the third-party application does not get access to your Twitter password.
To put it in other words, you should never provide your Twitter password to any site other than Twitter. While allowing a third-party application to store your username and password doesn’t necessarily mean they will use your information in an unscrupulous way, it does make your data vulnerable to attacks on their servers.
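The flow described above can be modeled in a few lines. This is an added illustration, not code from Twitter or NutshellMail: the `Provider` class, its method names and the sample account are hypothetical, and the request signing and callback steps of real OAuth are left out.

```python
import hashlib, hmac, secrets

class Provider:
    """Toy stand-in for the service that holds the account (Twitter's role)."""
    def __init__(self):
        # user -> (salt, hash); request token -> app; access token -> (user, app)
        self._pw, self._pending, self._grants = {}, {}, {}

    def _hash(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._pw[user] = (salt, self._hash(salt, password))

    def request_token(self, app):
        tok = secrets.token_urlsafe(16)   # step 1: app asks for a one-time token
        self._pending[tok] = app
        return tok

    def authorize(self, request_tok, user, password):
        # Step 2: the user types the password on the provider's page, not the app's.
        app = self._pending.pop(request_tok)
        salt, digest = self._pw[user]
        if not hmac.compare_digest(digest, self._hash(salt, password)):
            raise PermissionError("bad credentials")
        access = secrets.token_urlsafe(32)  # step 3: only this token reaches the app
        self._grants[access] = (user, app)
        return access

    def post(self, access_tok, text):
        if access_tok not in self._grants:
            raise PermissionError("token revoked or unknown")
        user, app = self._grants[access_tok]
        return f"{user} via {app}: {text}"

    def revoke(self, user, app):
        # Consent is withdrawn at the provider; the password is untouched.
        self._grants = {t: g for t, g in self._grants.items() if g != (user, app)}

def demo():
    p = Provider()
    p.register("alice", "correct horse")           # constructed sample account
    token = p.authorize(p.request_token("ExampleApp"), "alice", "correct horse")
    before = p.post(token, "hello")                # app acts using only the token
    p.revoke("alice", "ExampleApp")                # user withdraws consent
    try:
        after = p.post(token, "again")
    except PermissionError as e:
        after = str(e)
    return before, after
```

An application that stores the password instead has no equivalent of `revoke`: the only way to cut it off is to change the password itself.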
If you believe your Twitter account has been hacked, Twitter offers several ways for you to troubleshoot the problem, but the first step is to change your password.




Good advice. I wish more developers would take it to heart.