SlowMist: X Account Security Troubleshooting and Reinforcement Guide
Original title: "SlowMist: X Account Security Troubleshooting and Reinforcement Guide"
Original author: Yao, Manwu Technology (SlowMist)
Background Overview
Recently, there have been frequent incidents of Web3 project and celebrity X accounts being taken over and used to post phishing tweets. Attackers use a range of techniques to steal accounts; the most common patterns are:
· Inducing users to click fake Calendly/Kakao meeting-booking links, which either capture an account authorization or give the attacker control of the user's device;
· Tricking users via private messages into downloading Trojan-laden programs (fake games, meeting clients, etc.). Besides stealing private keys and mnemonics, the Trojan may also steal X account permissions;
· Using SIM swap attacks to take over X accounts whose security relies on a mobile phone number.
The SlowMist security team has assisted in resolving many incidents of this kind. For example, on July 20, the X account of the TinTinLand project was stolen, and the attacker pinned a tweet containing a phishing link. With the assistance of the SlowMist security team, TinTinLand promptly regained control of the account and then carried out an authorization review and security reinforcement of its X account.
Given how frequently these incidents occur, and that many users do not know how to strengthen the security of their X account, the SlowMist security team explains in this article how to audit authorizations and configure security settings for an X account. The specific steps follow.
Authorization troubleshooting
Taking the web version as an example: after opening x.com, click "More" in the sidebar and find the "Settings and privacy" option, which is where the account's security and privacy settings live.
Once in "Settings", select "Security and account access" to manage the account's security and authorized access.
View authorized applications
Many phishing methods rely on the user accidentally approving an application authorization link, which grants the application permission to tweet from the X account; the attacker then uses that permission to post phishing messages.
Troubleshooting method: Select the "Apps and sessions" column to see which applications the account has authorized. As shown in the figure below, the demo account has authorized these 3 applications.
After selecting a specific application, you can see the permissions it holds. Users can remove them through "Revoke app permissions".
Check the delegation status
Troubleshooting method: Settings → Security and account access → Delegate
If you find that delegation is enabled on the current account, go to "Members you've delegated" to check which accounts the current account has been shared with. If sharing is no longer needed, cancel the delegation as soon as possible.
View abnormal login logs
If the user suspects that the account has been logged into maliciously, they can check the login log to see the device, date and location of any abnormal login.
Checking method: Settings → Security and account access → Apps and sessions → Account access history
As shown below, open Account access history to view the device model, login date, IP and region of each login. If unfamiliar login information is found, the account may have been compromised.
View login devices
If a malicious login has occurred after the X account was stolen, the user can view the devices currently logged into the account and kick the malicious device offline.
Troubleshooting method: Select "Log out the device shown" to sign the account out of a specific device.
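The two troubleshooting screens above (authorized applications, and account access history) are reviewed by hand in the X UI. The following added example, which is not SlowMist's tooling and not an X API (X does not expose these screens to ordinary users as an API, so the input here is a constructed transcription of what the UI shows), demonstrates the checks a reviewer actually performs: flag logins from an unrecognised device or region, flag apps that hold posting or DM permissions or that the owner never knowingly authorized, and correlate the two, since an app authorization granted minutes after a suspicious login is the signature of the phishing pattern described in this article.

```python
"""Audit helpers for reviewing an X account's "Apps and sessions" screens.

Added example. All data below is constructed by hand to mirror what the
"Account access history" and "Apps and sessions" pages display.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginEvent:
    device: str        # device model / browser as shown in the UI
    when: datetime     # login date and time
    ip: str            # login IP address
    region: str        # region shown next to the IP


@dataclass(frozen=True)
class AuthorizedApp:
    name: str
    permissions: frozenset   # e.g. {"read", "write", "direct_messages"}
    granted: datetime        # when the authorization was approved


# Constructed sample data (not real X accounts, IPs, or apps).
LOGIN_HISTORY = [
    LoginEvent("Chrome on macOS", datetime(2024, 7, 18, 9, 12), "203.0.113.10", "Singapore"),
    LoginEvent("Chrome on macOS", datetime(2024, 7, 19, 21, 40), "203.0.113.10", "Singapore"),
    LoginEvent("X for iPhone", datetime(2024, 7, 19, 23, 5), "198.51.100.7", "Singapore"),
    LoginEvent("Firefox on Windows", datetime(2024, 7, 20, 3, 47), "192.0.2.55", "Unknown"),
]

AUTHORIZED_APPS = [
    AuthorizedApp("Scheduling tool", frozenset({"read", "write"}), datetime(2023, 2, 1)),
    AuthorizedApp("Analytics dashboard", frozenset({"read"}), datetime(2024, 1, 15)),
    AuthorizedApp("Free NFT mint", frozenset({"read", "write", "direct_messages"}),
                  datetime(2024, 7, 20, 3, 50)),
]

# Permissions that let an app act as the account (post tweets, read/send DMs).
HIGH_RISK_PERMISSIONS = frozenset({"write", "direct_messages"})


def suspicious_logins(history, known_devices, known_regions):
    """Return login events from a device or region the owner does not recognise."""
    return [e for e in history
            if e.device not in known_devices or e.region not in known_regions]


def apps_to_review(apps, expected_apps):
    """Return apps the owner did not knowingly authorize, plus any app that can
    post or access DMs (these should be revoked unless still genuinely needed)."""
    return [a for a in apps
            if a.name not in expected_apps or a.permissions & HIGH_RISK_PERMISSIONS]


def authorizations_after_login(logins, apps, window=timedelta(minutes=30)):
    """Pair each suspicious login with any app authorized shortly after it.
    A grant inside the window is a strong sign the attacker, not the owner, approved it."""
    return [(login, app) for login in logins for app in apps
            if timedelta(0) <= app.granted - login.when <= window]


def audit(history, apps, known_devices, known_regions, expected_apps):
    """Run the three checks and return their findings by name."""
    logins = suspicious_logins(history, known_devices, known_regions)
    return {
        "suspicious_logins": [f"{e.device} {e.ip} {e.region} {e.when:%Y-%m-%d %H:%M}" for e in logins],
        "apps_to_review": [a.name for a in apps_to_review(apps, expected_apps)],
        "likely_attacker_grants": [a.name for _, a in authorizations_after_login(logins, apps)],
    }


if __name__ == "__main__":
    findings = audit(LOGIN_HISTORY, AUTHORIZED_APPS,
                     known_devices={"Chrome on macOS", "X for iPhone"},
                     known_regions={"Singapore"},
                     expected_apps={"Scheduling tool", "Analytics dashboard"})
    for check, items in findings.items():
        print(f"{check}: {items}")
```

The "Scheduling tool" is listed for review even though the owner recognises it: a legitimate app holding write permission is still a standing risk if that app's own account is compromised, so the guide's advice to revoke anything not strictly needed applies to it too. The "Free NFT mint" authorization, granted three minutes after the unrecognised Windows login, is the one to revoke first.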
Security Settings
2FA verification
Users can enable 2FA so that a second verification step protects the account; this avoids the account being taken over directly if the password leaks.
Configuration method: Settings → Security and account access → Security → Two-factor authentication
The following 2FA options are available: SMS verification code, authenticator app, and security key. Because the SIM swap attacks mentioned above target the phone number itself, an authenticator app or a security key gives stronger protection than SMS.
Additional password protection
In addition to setting account passwords and 2FA, users can also enable additional password protection to further enhance the security of their X accounts.
Configuration method: Settings → Security and account access → Security → Additional password protection
Summary
Regularly checking authorized applications and login activity is key to keeping an account secure. The SlowMist security team recommends that users periodically audit their X account authorizations following the troubleshooting steps above, to strengthen account security and reduce the risk of compromise. If you find that your account has been hacked, immediately change the account password, audit authorizations, revoke suspicious ones, and configure the account's security enhancements.
Original link
Welcome to join the official BlockBeats community:
Telegram subscription group: https://t.me/theblockbeats
Telegram discussion group: https://t.me/BlockBeats_App
Official Twitter account: https://twitter.com/BlockBeatsAsia
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.