Protecting Your Account from Common Twitter Security Vulnerabilities


Be Aware of Threats When Using Twitter

Twitter is a popular social networking tool, allowing users to follow and be followed, make status updates in 140 characters and share links that they feel might prove useful.

Twitter has grown to an estimated 190 million users since its launch in 2006. While most of these users are everyday folk posting updates from PCs, laptops and mobile phones, the celebrities who use the service give Twitter its unique draw – there’s a chance that someone you admire might speak to you directly!

However, as with all online services, Twitter brings with it some security risks. Various Twitter security vulnerabilities have been uncovered since its launch, some of which can still be exploited.

Protection from Twitter Security Vulnerabilities

Problems with security and privacy have plagued Twitter over the years, underlined by high-profile incidents in which celebrities’ and politicians’ accounts were hacked.

Regularly changing your password is a good way to protect against other problems that have been recorded in the past, such as the password of a Twitter administrator being compromised and used to disrupt many user accounts. Changing your passwords on all online accounts regularly is something that should be considered best practice.

If you use a mobile phone to update Twitter via SMS, you should be aware that spoofed mobile numbers can be used to Tweet on your account. This vulnerability can be avoided by setting up a PIN in your Twitter profile. Alternatively, use a mobile Twitter app.

Twitter Spam

If you are fortunate enough to have a lot of followers on Twitter, you might think that you are pretty popular. You might actually be pretty popular, but generally speaking, having more followers increases the risk that you’ll suffer from exploited Twitter security vulnerabilities, particularly spam.

Remarkably, Twitter has become a haven for spammers who have been able to develop tools to allow them to message random people in order to generate income.

This is done using keyword triggers and a piece of software, which is quicker than manually looking for mentions of specific terms such as “ipad”. Spammers can then target the Tweeter with a spam link to sign up for something “free”. Signing up will of course net the original Tweeter nothing, and the spammer a lot, as the link – obscured with a URL shortening service – will direct to an affiliate account from which the spammer will benefit.

Stay Safe Using Twitter

As a result of these Twitter security vulnerabilities and keyword-triggered spam, it is vital to remain safe online when using the service.

There are several steps you can take to prevent any of the above vulnerabilities being exploited with you as a target:

Ignore spam – if the @reply message or DM message is not relevant to anything you have posted, shared or know about, ignore it. Watch out also for keyword trigger spam messages and treat these in the same way.

Don’t share your password, whatever the circumstances – various vulnerabilities have been uncovered whereby Twitter accounts, once shared, can still be accessed even after the password has been changed. This is due to “weak sessions” – basically an individual’s user session with the service via the browser doesn’t expire when the account is logged out or the browser window closed.

Maintain privacy – the use of localization and GPS options on Twitter has been described as irresponsible by some, but it does have its uses. However, GPS shouldn’t be used permanently – while you’re enjoying yourself up on a mountain in Brazil, your house could be burgled. Disabling Tweet Location and enabling Tweet Privacy (Tweets read by only those that you approve) can be done via the Settings > Account tab of your profile at

Ignore emails linking to Twitter – these can be used as phishing attacks, linking to a spoofed Twitter website; once you enter your details, they’re copied by the phishers.
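The “weak sessions” problem described in the password tip above comes down to how a service tracks sessions on the server side. The following is an added example, not code from Twitter or from the original article: a minimal session table in which `SessionStore`, `revoke_on_change` and the user name are hypothetical, showing a session opened with a shared password surviving a password change in the weak configuration and being revoked in the hardened one.

```python
import secrets
import time

class SessionStore:
    """Hypothetical server-side session table: token -> [user, last_seen]."""

    def __init__(self, idle_timeout=1800, revoke_on_change=True, clock=time.time):
        self.idle_timeout = idle_timeout          # seconds of inactivity allowed
        self.revoke_on_change = revoke_on_change  # False models the weak behaviour
        self.clock = clock
        self.sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)         # unguessable session identifier
        self.sessions[token] = [user, self.clock()]
        return token

    def validate(self, token):
        """Return the user for a live token, or None if unknown or idle-expired."""
        entry = self.sessions.get(token)
        if entry is None or self.clock() - entry[1] > self.idle_timeout:
            self.sessions.pop(token, None)        # drop the expired token for good
            return None
        entry[1] = self.clock()                   # activity refreshes the idle timer
        return entry[0]

    def logout(self, token):
        # Delete server-side; clearing only the browser cookie leaves the token usable.
        self.sessions.pop(token, None)

    def change_password(self, user, keep_token=None):
        """Revoke every other session of `user`; return how many were revoked."""
        if not self.revoke_on_change:
            return 0
        stale = [t for t, (u, _) in self.sessions.items()
                 if u == user and t != keep_token]
        for t in stale:
            del self.sessions[t]
        return len(stale)

def demo():
    """Constructed scenario: the owner changes a password that was once shared."""
    results = {}
    for name, revoke in (("weak", False), ("hardened", True)):
        store = SessionStore(revoke_on_change=revoke)
        shared = store.login("alice")   # session opened by the person it was shared with
        owner = store.login("alice")    # the owner's own session
        store.change_password("alice", keep_token=owner)
        results[name] = (store.validate(shared), store.validate(owner))
    return results
```

In the weak configuration the shared session still validates after the password change; in the hardened one only the owner's current session remains.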



Screenshots provided by writer