Most people are aware of (or at least heard of) the popular micro-blogging site Twitter. This social networking and updating site allows users to send brief messages (140 characters or less) via the service. By default, the messages are visible to anyone on the Internet - if they know where to look. Most Twitter users read tweets of other users they have chosen to "follow."  (Note that users can opt to "protect" their tweets," making them visible only to those other Twitter users pre-approved to view them.) Twitter also allows users to send "Direct Messages" (or "DM"s) to any other user who is "following" them.

Third-party application developers can also build tools to integrate their products with Twitter. Integrating these third-party applications allows you to post information from the third-party application as a Twitter update, or conversely post information from a Twitter update to the third-party application. Some of the most popular automatically post a Status Update form your Facebook account as a Twitter update or allow you to post a photo and caption at a site like TwitPic and have that appear in a tweet. You must pro-actively add any of these third-party applications to your account and grant them permission to access your Twitter account data before they can work.

While most applications are built to function as they are described, nefarious developers could build a application that's meant to surrepticiously harvest information from your account. Depending on the level of access granted to the application, this may include the ability to to read your updates and/or write updates to your account (generally acceptable as in the examples given in the previous paragraph) or to read your Direct Messages (usually less desirable). This is one reason it is very important to read the Permission screens that appear before granting access to your account to any third-party application.

Wihle most attacks on Twitter users com via shortened links to a separate malicious Web site, the risk of malicious third-party apps exists. There is not a master list of malicious third-party applications built to interact with Twitter, so we are attempting to build a list resources on the topic. Here's what we have located to date. (Bear with us. It will be a continual work in progress.)  We hope it is helpful. Don't hesitate to contact us is you find something you think would be a useful addition to this list.

Note that Twitter has made changes to its security ant permissions system to battle some of the issues noted in older articels listed below. Those older articles are included for reference.

2011

6/27 - Thinq_- Simon Pegg's Twitter Hacked, Abused

6/27 - AllTwitter.com - Do You Know Who Has Access To Your Twitter Account? Check Your Application Settings

5/23 - Technorati - Twitter Third-Party Applications Permission Model Will Minimize Hacking Attacks to Users

4/20 - CRN News - Twitter Virus Spreads 'Unfollow Me' App

3/2 - Softpedia - Rogue-App-Based Survey Scams Move to Twitter

1/12 - Blog of Adam Wulf - Stealing Passwords is Easy in Native Mobile Apps Despite OAuth

1/1 - Light Point Security - How to Remove Third-Party Apps form Your Twitter Account

2010

9/16 - oneforty Blog - Twitter Permission & Security

9/2 - ArsTechnica - Compromising Twitter's OAuth Security System