Users of social network Twitter are being urged to update their security settings and institute two-step authentication after a West African hacker leaked the names, IDs, and certain authentication information for over 15,000 accounts Tuesday.
Notably, the hacker did not release password information for these accounts – instead, third-party authentication token data was published. These tokens are used by Twitter apps such as Hootsuite, TweetDeck and Twitterrific to access your account without requiring you to enter a password each time. Using a token and the right malicious script, another hacker could start posting tweets to your account.
Twitter has not revealed details of exactly how the hacker got his hands on the information, but it's believed that the problem originated with a third-party software developer. Changing your password won’t protect you in this case, but reviewing the third-party applications you’ve given access to your account will limit your exposure to similar events in the future. To do so, visit twitter.com/settings/applications. Click the “Revoke access” button for any application you don’t recognize or no longer use.
You can also boost the security of your Twitter account by instituting two-step authentication, a procedure that requires you to approve unrecognized login attempts from new devices and programs with your smartphone. Learn more about setting up two-step authentication.