News Room

News from Wintercorn about Joomla!, WordPress and other tech subjects

How Hackers Can Break Into Your Online Accounts Without Passwords

In the wee hours of Wednesday morning, a host of prominent Twitter accounts were compromised and, as a result, began spouting swastika-laden propaganda in support of Turkey's president Recep Erdoğan ahead of a referendum next month which could consolidate his power. So now's a good time to check your own accounts and make sure you close the backdoor that let this happen to other people.

So how did it happen?

If you've ever logged into an app or service by using your Google/Facebook/Twitter account in lieu of creating a new username and password, you've opened up the app permissions hole. This feature is fine and good—it lets you worry about fewer passwords and sometimes is necessary for apps that work directly with your other account. But it's also a security liability.

The amount of access these sorts of apps have is always limited. They generally don't have the ability to change your password or the like; your Twitter/Facebook/Google account reserves that for itself. These apps also never get your real password. Your main account simply authorizes them using a generated "token." But sometimes this level of access is enough to post to your account, and ultimately to your followers. The recent attacks seem to have come through the original app itself getting hacked.

How can you prevent this?

Revoke as many permissions as you can and do it every few months. Every account has a way to look through what apps have what sort of access to your account.

Read the full story at Popular Mechanics

