There has been a recent surge in incidents where Web3 projects or public figures have had their X accounts hacked and used to post phishing tweets. Hackers employ various techniques to steal user accounts, with some of the more common methods including:
The SlowMist security team has helped resolve several such incidents. For example, on July 20th, the X account of the TinTinLand project team was hacked, and the attacker posted a phishing link as a pinned tweet. With SlowMist’s assistance, TinTinLand quickly regained control of the account, reviewed its authorizations, and strengthened its security measures.
Due to the frequent occurrences of account breaches, many users are unsure of how to improve the security of their X accounts. In this article, the SlowMist security team will guide you through the process of performing authorization checks and setting up security measures for your X account. Below are the detailed steps.
Let’s use the web version as an example. After navigating to the x.com page, click on the “More” option in the sidebar, and then select “Settings and privacy.” This area is where you can configure your account’s security and privacy settings.
Once you’re in the “Settings” section, choose “Security and account access” to manage your account’s security settings and control authorized access.
Phishing attacks often exploit users who inadvertently click on authorization links, granting unauthorized apps permission to post tweets from their X accounts. These compromised accounts are then used to send phishing messages.
How to Check: Go to the “Apps and sessions” section to review which applications have been granted access to your account. In the example below, the demonstration account has authorized these three applications.
When you select a specific application, you’ll be able to view the permissions it has been granted. If needed, you can remove these permissions by clicking “Revoke app permissions.”
How to Check: Navigate to Settings → Security and account access → Delegate.
If you notice that your account has the “Allow invitations to manage” option enabled, you should go to “Members you’ve delegated” to review which accounts have access to your account. If these shared permissions are no longer needed, you should revoke the delegation immediately.
If you suspect that your account has been accessed maliciously, you can review the login logs to identify any suspicious devices, dates, or locations.
How to Check: Go to Settings → Security and account access → Apps and sessions → Account access history.
As illustrated below, when you access “Account access history,” you can see details such as the device model, login date, IP address, and location. If you notice any unusual login activity, it could be a sign that your account has been compromised.
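The review described above can be done by eye, but an added example (not from the SlowMist article) shows what "unusual" means in practice: a small Python audit over constructed access-history entries (device, date, IP address, location, all hypothetical values) that flags unrecognised devices, unrecognised locations, and logins from two different locations within a short window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AccessEvent:
    """One row as shown in Account access history (fields per the article)."""
    device: str
    when: datetime
    ip: str
    location: str


# Constructed sample history; IPs are documentation ranges, not real logins.
HISTORY = [
    AccessEvent("iPhone 14", datetime(2024, 7, 19, 8, 5), "203.0.113.7", "Singapore"),
    AccessEvent("Chrome on macOS", datetime(2024, 7, 19, 9, 30), "203.0.113.7", "Singapore"),
    AccessEvent("Chrome on Windows", datetime(2024, 7, 20, 2, 14), "198.51.100.42", "Lagos, Nigeria"),
    AccessEvent("iPhone 14", datetime(2024, 7, 20, 8, 1), "203.0.113.7", "Singapore"),
]

# Baseline the account owner maintains: devices and places they actually use.
KNOWN_DEVICES = {"iPhone 14", "Chrome on macOS"}
KNOWN_LOCATIONS = {"Singapore"}


def flag_suspicious(history, known_devices, known_locations, window=timedelta(hours=12)):
    """Return [(event, reasons)] for entries the owner should treat as unusual."""
    flagged = []
    ordered = sorted(history, key=lambda e: e.when)
    for i, ev in enumerate(ordered):
        reasons = []
        if ev.device not in known_devices:
            reasons.append("unrecognised device")
        if ev.location not in known_locations:
            reasons.append("unrecognised location")
        # Two different locations inside one window is implausible travel;
        # both sides of such a pair are reported so the owner sees the context.
        for prev in ordered[:i]:
            if prev.location != ev.location and ev.when - prev.when <= window:
                reasons.append(f"different location from {prev.location} within {window}")
                break
        if reasons:
            flagged.append((ev, reasons))
    return flagged


if __name__ == "__main__":
    for ev, reasons in flag_suspicious(HISTORY, KNOWN_DEVICES, KNOWN_LOCATIONS):
        print(f"{ev.when:%Y-%m-%d %H:%M} {ev.device:<18} {ev.ip:<14} {ev.location}: {', '.join(reasons)}")
```

Any flagged row is a candidate for "Log out the device shown" followed by a password change and a re-check of authorized apps.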
If your X account has been compromised and you suspect unauthorized logins, you can review the devices currently logged into your account and remove the malicious device from the session.
How to Check: Choose “Log out the device shown” to log your account out from the specific device.
Enable 2FA (Two-Factor Authentication)
To safeguard your account, you can enable 2FA, which adds an extra layer of security and helps prevent your account from being easily taken over if your password is compromised.
How to Configure: Go to Settings → Security and account access → Security → Two-factor authentication.
You can choose from the following 2FA options to strengthen your account’s security: SMS verification codes, authentication apps, and security keys.
Beyond setting your account password and enabling 2FA, you can further secure your X account by turning on additional password protection.
How to Configure: Go to Settings → Security and account access → Security → Additional password protection.
Regularly reviewing authorized apps and monitoring login activity is essential for keeping your account secure. The SlowMist security team advises users to routinely follow the outlined steps to perform authorization checks on their X accounts. This proactive approach will help reinforce your account’s security and minimize the risk of hacker attacks. If you suspect your account has been compromised, take immediate steps: change your password, review and revoke any suspicious authorizations, and enhance your account’s security settings.