
SlowMist: X Account Security Troubleshooting and Reinforcement Guide

2024-08-01 11:36
Original title: "SlowMist: X Account Security Troubleshooting and Reinforcement Guide"
Original author: Yao, SlowMist Technology


Background Overview


Recently, there have been frequent incidents of Web3 project and celebrity X accounts being hijacked and used to post phishing tweets. Attackers use a variety of techniques to take over accounts; the most common patterns are as follows:


· Luring users into clicking fake Calendly/Kakao meeting-booking links in order to steal the account's authorization or take control of the user's device;


· Sending private messages that trick users into downloading trojanized programs (fake games, meeting software, etc.). Besides stealing private keys and mnemonics, such Trojans may also steal X account permissions;


· Using SIM swap attacks to take over the permissions of X accounts that rely on a mobile phone number for authentication.


The SlowMist security team has assisted in resolving many incidents of this kind. For example, on July 20 the X account of the TinTinLand project was hijacked, and the attacker pinned a tweet containing a phishing link. With the assistance of the SlowMist security team, TinTinLand promptly regained control of the account and carried out an authorization review and security hardening of it.



Given how frequently such compromises occur, and how little many users know about hardening their X accounts, the SlowMist security team explains in this article how to review authorizations and configure security settings for an X account. The specific steps follow.


Authorization troubleshooting


Taking the web version as an example: after opening x.com, click "More" in the sidebar and find the "Settings and privacy" option, which is where the account's security and privacy settings live.




After entering the "Settings" column, select "Security and account access" to set the security and authorized access of the account.



View authorized applications


Many phishing schemes rely on the user accidentally clicking an application authorization link, which grants the application permission to post on behalf of the X account; that permission is then used to send phishing messages.


Troubleshooting method: Select the "Apps and sessions" column to check which applications the account has authorized. As shown in the figure below, the demo account has authorized these 3 applications.



After selecting a specific application, you can see the corresponding permissions. Users can remove permissions through "Revoke app permissions".



Check the delegation status


Troubleshooting method: Settings → Security and account access → Delegate



If you find that delegation (inviting others to manage the account) is enabled for the current account, go to "Members you've delegated" to check which accounts the current account has been shared with. If sharing is no longer needed, cancel the delegation as soon as possible.



View abnormal login logs


If the user suspects that the account has been maliciously logged in, the user can check the login log to view the device, date and location of the abnormal login.


Checking method: Settings → Security and account access → Apps and sessions → Account access history



As shown below, enter Account access history to view the model, login date, IP and region of the login device. If abnormal login information is found, the account may have been stolen.
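As an added illustration (not part of the SlowMist article), the script below applies the same check to constructed access-history rows: logins from an unrecognised device or region, or followed within a short window by a login from a different region, are flagged for follow-up. The record shape, the baseline of known devices and regions, and the sample data are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical record shape mirroring the fields X shows under
# Settings → Security and account access → Apps and sessions → Account access history:
# device model, login time, IP address and region.
@dataclass
class AccessEntry:
    device: str
    time: datetime
    ip: str
    region: str

# Constructed sample history (not real data): four routine logins and one suspicious one.
SAMPLE_HISTORY = [
    AccessEntry("iPhone 14", datetime(2024, 7, 18, 9, 5), "203.0.113.10", "Singapore"),
    AccessEntry("Chrome on macOS", datetime(2024, 7, 19, 14, 30), "203.0.113.10", "Singapore"),
    AccessEntry("Chrome on Windows", datetime(2024, 7, 20, 2, 12), "198.51.100.77", "Lagos"),
    AccessEntry("iPhone 14", datetime(2024, 7, 20, 2, 40), "203.0.113.10", "Singapore"),
    AccessEntry("Chrome on macOS", datetime(2024, 7, 21, 10, 0), "203.0.113.10", "Singapore"),
]

# Devices and regions the account owner recognises (assumed baseline); anything else is suspect.
KNOWN_DEVICES = {"iPhone 14", "Chrome on macOS"}
KNOWN_REGIONS = {"Singapore"}

def flag_abnormal_logins(history, known_devices, known_regions, travel_window=timedelta(hours=2)):
    """Return (entry, reasons) pairs for logins the owner should investigate.

    A login is flagged when its device or region is not in the baseline, or when
    it is followed within `travel_window` by a login from a different region,
    a pattern a single legitimate user rarely produces.
    """
    ordered = sorted(history, key=lambda e: e.time)
    flagged = []
    for i, entry in enumerate(ordered):
        reasons = []
        if entry.device not in known_devices:
            reasons.append("unknown device")
        if entry.region not in known_regions:
            reasons.append("unknown region")
        if i + 1 < len(ordered):
            nxt = ordered[i + 1]
            if nxt.region != entry.region and nxt.time - entry.time <= travel_window:
                reasons.append(f"region changed to {nxt.region} within {travel_window}")
        if reasons:
            flagged.append((entry, reasons))
    return flagged

if __name__ == "__main__":
    for entry, reasons in flag_abnormal_logins(SAMPLE_HISTORY, KNOWN_DEVICES, KNOWN_REGIONS):
        print(f"{entry.time:%Y-%m-%d %H:%M} {entry.device} {entry.ip} {entry.region}: {', '.join(reasons)}")
```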



View login devices


If a malicious login occurs after the X account is stolen, the user can view the login devices of the current account and then kick the malicious login device offline.


Troubleshooting method: Select "Log out the device shown" to log out of the account from a certain device.




Security Settings


2FA verification


Users can enable 2FA to add a second layer of verification to their accounts, so that a leaked password alone is not enough for an attacker to take over the account.


Configuration method: Settings → Security and account access → Security → Two-factor authentication



You can enable the following 2FA methods to strengthen account security: SMS verification code, authenticator app, and security key.



Additional password protection


In addition to setting account passwords and 2FA, users can also enable additional password protection to further enhance the security of their X accounts.


Configuration method: Settings → Security and account access → Security → Additional password protection



Summary


Regularly reviewing authorized applications and login activity is the key to keeping an account secure. The SlowMist security team recommends that users regularly audit their X account authorizations following the steps above, to strengthen account security and reduce the risk of being hacked. If you find that your account has been compromised, immediately change the account password, review authorizations, revoke any suspicious ones, and enable the security hardening settings described above.

