Beware Your Permissions and Secure Your Accounts

I Have Personally Gotten Hacked… Twice

You can’t be too safe online today. In the days of cyber attacks, heart bleed and other random threats you might find online, you need to secure yourself. And with so many random profiles and accounts, this can be really hard. Almost impossible.

In fact, I have personally gotten hacked twice.

First Hack: Classic Email Hack At My Grandfathers Funeral & Daughters Birth

The first time was a few years ago and it was the classic email hack. The date is September 2011 and it was on an on an old Yahoo account I don’t use anymore. It was the weekend after my grandfathers funeral. I woke up that morning with plans to go to the hospital to pick up my wife who had just given birth to our daughter, and the first thing I saw on my phone was a message from a friend saying, “dude, your email was hacked”.

 yahoo_hacked

f#ck.

As if I didn’t have enough going on! Once I realized it was just my yahoo and not my Gmail, I relaxed. There is nothing in there remotely important. But it did scare me into setting up 2 step verification.

Second Hack: Possible Twitter Infiltration… Just a Normal Day

The other time this happened was a couple months ago. My friend sent me a note and said, “did you mean to post that on twitter”. Sure enough, I looked and there it was. A non condoned tweet. And no I did not mean to send it.

bad_tweet_1

I started panicking and investigating. Crap, I hope my twitter account wasn’t hacked.

I was still able to access the account and nothing else on twitter was compromised. That was a relief.

On the unauthorized tweet, I clicked on the pinterest link which took me to my pinterest profile. Turns out, my Pinterest was hacked by Iranian Coders in Paris.

pinterest haacked by iranians

They created a random pinboard and added a link to one of their sites. Odd. I am not entirely sure how valuable hacking a relatively dormant and inactive Pinterest account was. Whatever. To be investigated later. But, hooray! I found the perpetrator.

By the way, BIG props to Pinterest for putting my account in safe mode due to suspicious activity. I wonder why this doesn’t happen with other accounts online (or perhaps it does and I have luckily not had to experience it). But I digress.

pinterest_hacked

It still doesn’t explain the rogue tweet. 

How Did the Pinterest Post End Up On My Twitter?

Simple, I allowed it. Years ago. When Pinterest first came on the scene, I must have given Pinterest permission to post whatever it wanted on my twitter account. In fact, it isn’t the only thing I discovered when investigating. Apparently, over the years, I had give access to over 70 different apps on Twitter. Many of which I had never even heard of and probably no longer existed. Facebook is the same and even more scary.

By the way, you probably have too. See for yourself:

On twitter go to: Settings -> Apps and view the apps you have given permission to.

On Facebook go to: Settings -> Apps -> Apps you use.

For me, until recently, Buzzfeed, Instagram, and Slideshare were all sharing my activity every time I did something on their network (just to name a few). And most of the time, I had no knowledge of it. Imagine looking at some stupid top 37 list on Buzzfeed, taking an action and all that showing on Facebook. How embarrassing is that??? (It was for research I swear!) (by the way, I wrote about this EXACT fear almost 3 years here)

Heck, I even gave vizify access to my twitter to create the “end of the year video” for my year end conclusion post, and they took the liberty to change the link in my profile. Needless to say, their permissions were quickly revoked.

vizify hacks my twitter
Not Cool Vizify!

Protect Yourself And Your Networks

I don’t think you are at serious risk by giving these permissions. The worst that can happen (that I am aware of) is one of these apps post something on your behalf or access the information in your profile. They can’t steal your identify. But it’s still unsettling.

And what about hacking? You don’t want to get hacked.

Here are a number of things you can do to protect yourself online.

  • Check your permissions every once in a while. Not that anything terrible will happen if you don’t but why leave it to chance. You should know which apps have access to your accounts.
  • Start using 2 step verification. I use it for both my email and twitter. I agree, it can be annoying sometimes, but with Google Authenticator and the twitter verification texts, its really simple. And trust me, its way less annoying than actually getting hacked.
  • On top of two step verification, make sure your email password is unique and the most secure. If anyone ever tries to hack your account, guess where password resets go to. You guessed it. Email. Make sure no one can crack that one.
  • Create complicated passwords. If you are afraid you will forget it, then start using lastpass. Its awesome.

I would be really interested to hear about some of the horror stories other people have had where these permissions got them “caught” doing something online. Share below (or email me).

  • Josh Vinegar

    Two years ago my main google email account was hacked. Thankfully Google has an account activity monitoring system.

    Google detected my account was accessed from Texas and China within a relatively short amount of time, and that my usual activity happened from Canada… as soon as I logged in normally from home (Canada) I received a pop-up notification alerting me to the fact the account had been accessed elsewhere and asked me to verify the last 10 logins.

    I quickly saw the unusual activity and changed all my passwords, haven’t had an issue since.

    • aaronfriedman

      That is awesome that they have that. Very good to know. But for sure try 2 step verification if you haven’t before. Its easy and awesome!

  • Pingback: PSA: YouTube Posts Your Comments To Google+ You Anti-Semite - Digital Highrise()