Do you remember what you were doing on Twitter in 2010?
Twitter accounts have been compromised by a range of security issues lately — and in at least one case the vulnerability is tied to a decision users made years ago. It might be time to double check how secure your account really is.
Early Thursday morning, the official Twitter account for McDonald’s pinned a tweet directed at President Trump. It read, “You are actually a disgusting excuse of a President and we would love to have @BarackObama back, also you have tiny hands.”
The tweet remained up for about 20 minutes before it was removed. The fast-food giant, of which the president is a big fan, issued a statement saying the account had been “hacked by an external source.”
McDonald’s isn’t the only Twitter account raising eyebrows this week. On Wednesday, accounts including Justin Bieber’s and Amnesty International’s tweeted out Nazi symbols and political messages in Turkish.
The hacks with Turkish and Nazi messages have been attributed to a third-party tool called Twitter Counter, which provides users with statistics on the readership of their tweets. The service was hacked this week, a repeat of what happened to it four months ago. (It is not clear whether that is related to the rogue tweet from the McDonald’s account.)
In the early days of Twitter, users often connected outside tools to their accounts to analyze followers, automatically tweet messages, or find new people to follow. These tools have fallen out of popularity — in part because Twitter now offers similar services itself — but lots of people connected them years ago and forgot about them.
How to protect your account
First things first: Check to make sure no tools are connected to your account that shouldn’t be. Here’s how to do that:
- Go to Twitter.com on your desktop and log in.
- From the main screen, click your portrait on the upper right, and select “Settings and privacy” from the drop-down menu.
- From the next screen, choose “Apps” in the left-hand menu.
- See anything you don’t use or recognize? Click “Revoke access.”
While you’re in your settings, it’s a great time to change your password and add two-factor authentication to your account. The hacks that have affected Yahoo, Cloudflare and other sites and services may have released your password to people who shouldn’t have it (like alleged Russian spies or hackers).
If you use your Twitter password for anything else — Uber, Fitbit, OKCupid, 1Password, or Yahoo, for instance, were affected by recent hacks — it could be vulnerable and needs to be changed.
To change your password, select “Password” from the settings menu. You’ll be prompted to enter your old password and then plug in a new one twice.
Adding two-factor authentication tacks on another layer of security for your account. From the Settings menu, select “Account” and check the box next to “Verify login requests.” You’ll be prompted to enter your cell phone number.
With two-factor authentication, any time you log in from a new computer or device, you’ll get a six-digit code on your phone that you must enter. That means that even if someone else gets their hands on your password, they won’t be able to tweet unless they get your phone too.
Follow me on Twitter @jessica_roy.