Nieman Foundation at Harvard
HOME
          
LATEST STORY
Newsonomics: Can Dutch import De Correspondent conquer the U.S.?
ABOUT                    SUBSCRIBE
March 15, 2017, 12:03 p.m.
Audience & Social
LINK: www.bloomberg.com  ➚   |   Posted by: Ricardo Bilton   |   March 15, 2017

A large-scale hack hit Twitter on Wednesday, affecting hundreds of high-profile accounts, including those belonging to news organizations like BBC North America and Forbes. The accounts posted identical spam messages that were written in Turkish and included swastikas and Nazi hashtags. The hack also swapped out the accounts’ profile photos.

Like many Twitter “hacks,” Wednesday’s breach wasn’t a result of hackers going after Twitter directly. Instead, the hack was a result of a vulnerability in third-party app Twitter Counter, a popular Twitter data analytics tool that was also hacked four months ago. Both Twitter Counter and Twitter itself acknowledged the hack and say they’re addressing the problems.

Connected apps are perennial security concerns. Some apps only require permission to read users’ Twitter feeds, but others, such as Twitter Counter, also have write permissions, which gives them the green light to tweet from accounts that use them. With every connected app, each a link weaker than Twitter itself, comes a new security vulnerability, and the potential for abuse is compounded by the ease in which new apps can be added. This results in a sort of “permissions creep” in which many apps are added over time, but few are removed. (True confession time: We checked the official @NiemanLab Twitter account — it has over 80 connected apps, some of which have had read and write permissions since 2009.)

Twitter says it has already removed Twitter Counter’s permissions, but the dustup should serve as yet another reminder of why it’s vital that news organizations, often the targets for hacks, periodically clean up their Twitter permissions of any old and unused apps. It’s a short process: From Twitter’s Settings and Privacy section, click Apps, which will list all the apps with third-party access. Clicking “revoke” will remove the app’s permissions. Twitter has more info here.

Show tags Show comments / Leave a comment
 
Join the 35,000 who get the freshest future-of-journalism news in our daily email.
Newsonomics: Can Dutch import De Correspondent conquer the U.S.?
It’s built a membership-driven model that produces trust, connection, and good journalism. But can it extend that approach to the hurly-burly of the American media market?
Jay Rosen: This is what a news organization built on reader trust looks like
The NYU professor explains why he’s working with De Correspondent on its U.S. launch — and why figuring out a trusted membership model is key to journalism’s future.
“Slower structural developments that shape society”: A Q&A with De Correspondent editor Rob Wijnberg
“What we try to do is to chart out what’s in between those extremes, because most of the world is not ruled by the extremes; the everyday reality is what the world is actually about.”