SocialToo.com Values Your Security!

One of the most frequent questions we’ve had recently is regarding the security of SocialToo, and if you store your password with us, will it remain secure?  As you may already know, various phishing attacks have made their way around Twitter recently, and have put the issue of password security, particularly around third-party apps, at the top of everyone’s minds.  As always, we continue to recommend you be careful who you share your password with, always check the URL of the site you are entering your password on, and change your passwords frequently.  Another good rule of thumb is to not use the same password on less-secure websites like Twitter as you would on a more secure website such as your bank.

While Twitter has not pointed the finger at any third party apps for these phishing attacks and hacks, they have made known that the issue is specifically related to a hosting provider that we at SocialToo.com are not using (We use Amazon EC2 services for all our servers).  Regardless, we do take your security seriously.  Here are some of the things we are doing to ensure you are in the most secure environment possible:

Frequent Database Reviews

At SocialToo, we review your data frequently, while maintaining your anonymity.  We are doing our best to monitor various worm and hacker threats, and search frequently to ensure that your accounts have not been compromised.  We are also keeping an open dialogue with Twitter.  Were Twitter ever to catch something we had missed and notify us, we would correct the issue immediately.  As of this moment, not a single account on SocialToo has been compromised, and it would be quite hard to do so.  We ask for a separate username and password beyond your Twitter username and password (or other social network) just to protect you from that.  This way, were your Twitter account to be compromised, your SocialToo.com account could not also be compromised.

Vocal Advocates of Secure Authorization Technologies

For those that know me personally, you may have read some of my blog posts recently on the subject.  I still argue that Twitter’s acceptance of OAuth would have stopped the phishing attacks seen recently.  While I agree it won’t stop all phishing attacks, it would prevent apps such as SocialToo.com from being the cause of such attacks.  We are one of the most vocal advocates on the Twitter developer mailing lists and elsewhere, and will continue to be a supporter of this, and other secure technologies.  Twitter’s requiring developers to collect plain-text usernames and passwords is unacceptable in our minds, and the minute Twitter changes this, we will convert immediately so your data remains secure.

Continued Monitoring of Customer Complaints

Another thing that sets us apart from other services is we monitor your complaints and suggestions religiously.  It doesn’t matter if you address us or not, we are tracking mentions of our name, so if anyone mentions we could be the cause of such a phishing attack, we monitor each and every one of those complaints.  To this date, every one of those complaints has been unfounded.  We believe in personal service here, and my hope is that we can continue that personalized service as long as we are capable. If someone suggests we’re the cause of a phishing attack or hacking attack, and you question that, please do not hesitate to contact me personally at jesse@socialtoo.com.

Vocal Advocates of Source Detection Technologies

Another cause we are fighting for at SocialToo is to have Twitter enable clients to provide their source with DMs they send on behalf of users.  Ideally, when OAuth is implemented, this should be a required feature, but for now we’ll accept optional.  While we realize this will not stop phishing, it will enable us to ensure you know which DMs are coming from our service (we will send it with 100% of the DMs we send on behalf of our users), and if anyone spoofs our name, or compromises our users’ accounts, we can know immediately.  It will also give you, the user, a little more information regarding where DMs you receive come from.  If you think this is a good idea, would you please @reply @ev, @biz, and/or @al3x at Twitter and let them know you would like to see this?  Tag it #dmsource so we can track it. We will be creating a bug for this shortly and you can star that when it is ready to show your support as well.

As you can see, we’re doing all we can to ensure your data is secure.  I’m confident it will remain so, and you can feel confident in that.  It’s a shame that we as app developers have to defend this stance, but I am confident Twitter and other social websites will do the right thing by implementing secure auth standards in the near future.  When they do, we’ll be right there along with them.

(BTW, I’m creating a new category for this for Security – I’m sure this won’t be our last post about security!)

Image Credit: Miles Cox

14 Responses to “SocialToo.com Values Your Security!”

  1. chacha102 says:

    I'm all for the adoption of OAuth, although I think that it is going to take a long time just because it wasn't implemented from the beginning. At the beginning the least that should have been done was create an API/Remote key, but anyway. What will happen is for the X number of months it takes for people to switch over, many will still give out their passwords, creating one last chance for people to be phished. With the whole site badge, alongside the phishing attacks, I'm sure a lot of people are losing faith in Twitter's ability to keep their accounts secure. The upside to Twitter being so unique however is that you can't really go to a more safe service (besides Facebook). Thank you for keeping us up to date through all this chaos!

  2. galacon says:

    Keep after them, Miles…

  3. web2critic says:

    I'm actually glad that phishers hit Twitter, it's about time a service that critics acclaim as 'best', gets hacked with a password like 'Happiness'. Using SocialToo is way smarter than just using Twitter, so thanks for beefing up my 'follow' process.

  4. I just did three @replies to @ev, @biz, and @al3x about #dmsource. EPIC +1.

  5. Thanks for providing information. I am regularly using twitter. I Will definitely follow the guidelines.

  6. [...] you’re new here, you may want to subscribe to our RSS feed. Thanks for visiting!As we’ve made evident before, we’re strong opponents against the [...]

  7. Matt says:

    Got something different this time. A post on my account that wasn't posted by me.

    @bertop he leido que ests enganchado a los .mkv , de donde los sacas?! Llevo 2 semanas buscando El club de la lucha!!

    I never posted that. But saw when users followed/unfollowed after that post.

    Any thoughts?

    @MatthewRay

  8. jessestay says:

    Matt, we're having some issues with that right now. I'm looking into it,
    and we'll update the blog – http://blog.socialtoo.com when it's fixed.
    Thanks for letting us know.

  9. GoldNotes says:

    I am concerned as I just received an e-mail from you guys saying a message that I didn't post.
    http://www.AndersonFinancialMarketing.com

  10. yazor says:

    Checking out web site Http://www.uclick4love.co.uk

  11. dailybragger says:

    I got the same thing in my email…..has socialtoo's security been compromised???? I'm about to blog about it.
    @bertop he leido que ests enganchado a los .mkv , de donde los sacas?! Llevo 2 semanas buscando El club de la lucha!!

  12. dailybragger says:

    I love your service. I know that as with any service there are bugs. Thanks for working this one out.!! Keep up the great work.

  13. will i am says:

    I'm actually glad that phishers hit Twitter, it's about time a service that critics acclaim as 'best', gets hacked with a password like 'Happiness'. — are you serious?

  14. [...] you’re new here, you may want to subscribe to our RSS feed. Thanks for visiting!I’ve mentioned here before that my intentions for SocialToo are for it [...]
