Security Guide for Securing an X (Twitter) Account

Background Overview

Recently there have been frequent incidents in which the X accounts of Web3 project owners or celebrities were hacked and used to send phishing tweets. Attackers use a variety of methods to steal accounts; common tactics include:

  1. Tricking users into clicking fake Calendly/Kakao meeting links in order to steal account authorization or take control of their devices.

  2. Sending direct messages that lure users into downloading Trojan-infected programs (disguised as games, meeting apps, etc.), which can steal private keys/mnemonics and X account permissions.

  3. Using SIM swap attacks to take over X account access that relies on a phone number.

Given how often such incidents occur, and that many users do not know how to improve the security of their X accounts, the Veritas Protocol Security Team explains below how to perform authorization checks and configure security settings for an X account. The specific steps are as follows:

Authorization Check

We use the web version as an example. After opening x.com, click "More" in the sidebar and find the "Settings and privacy" option, which is where account security and privacy are configured.

After entering the "Settings" section, select "Security and account access" to set the security and access permissions for the account.

Review Authorized Applications

Many phishing methods involve tricking users into clicking application authorization links. The authorized application is then granted tweet-posting permission on the X account, and the account is used to post phishing content.

Check method: select the "Apps and sessions" section to see which applications the account has authorized. As shown below, the demonstration account has authorized three applications.

After selecting a specific application, you can see the permissions it holds. Any application you do not recognize, or that holds more permissions than it needs, can be removed through the "Revoke app permissions" option.

Review Delegation Status

Check method: Settings → Security and account access → Delegate

If the account is set to allow others to manage it, open "Members you've delegated" to see which accounts the current account is shared with. If sharing is no longer needed, cancel the delegation immediately.

Review Abnormal Login Logs

If users suspect that their account has been accessed maliciously, they can check the login logs for unfamiliar devices, dates, and locations.

Check method: Settings → Security and account access → Apps and sessions → Account access history

As shown below, Account access history lists the device model, login date, IP address, and region for each login. If you find login entries you do not recognize, the account may have been compromised.
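The two reviews above (authorized applications and access history) are manual in the X UI. As an added example, not code from the original guide or from X, the following Python helper shows the triage logic an account owner applies when reading those screens: it flags recent logins from devices or regions the owner does not recognize, and lists authorized apps that hold posting or DM permissions without being on the owner's allowlist. All records, device names, IPs and app names are constructed for the example; nothing is read from X's API.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AccessEntry:
    """One row of Account access history: device model, login date, IP, region."""
    device: str
    logged_in_at: datetime
    ip: str
    region: str


@dataclass(frozen=True)
class AppGrant:
    """One entry of Apps and sessions: the app and the permissions it holds."""
    name: str
    permissions: frozenset  # e.g. {"read", "write", "direct_messages"}


# Permissions that let an app act on the account (post tweets, read/send DMs).
RISKY_PERMISSIONS = frozenset({"write", "direct_messages"})


def suspicious_logins(history, known_devices, known_regions, now, window_days=30):
    """Return recent entries whose device or region the owner does not recognise."""
    cutoff = now - timedelta(days=window_days)
    return [
        e for e in history
        if e.logged_in_at >= cutoff
        and (e.device not in known_devices or e.region not in known_regions)
    ]


def apps_to_revoke(grants, allowlist):
    """Return grants holding risky permissions that are not on the owner's allowlist."""
    return [g for g in grants if g.name not in allowlist and g.permissions & RISKY_PERMISSIONS]


# Constructed sample data (hypothetical values, not taken from any real account).
NOW = datetime(2024, 6, 1)
HISTORY = [
    AccessEntry("iPhone 14", datetime(2024, 5, 28), "203.0.113.10", "Singapore"),
    AccessEntry("Windows PC", datetime(2024, 5, 30), "198.51.100.7", "Unknown"),
    AccessEntry("Android", datetime(2024, 2, 1), "192.0.2.44", "Germany"),  # outside window
]
GRANTS = [
    AppGrant("TweetDeck", frozenset({"read", "write"})),            # allowlisted by owner
    AppGrant("Promo Claim App", frozenset({"read", "write", "direct_messages"})),
    AppGrant("Analytics Viewer", frozenset({"read"})),              # read-only, not risky
]

if __name__ == "__main__":
    for e in suspicious_logins(HISTORY, {"iPhone 14"}, {"Singapore"}, NOW):
        print("Review session:", e.device, e.ip, e.region)
    for g in apps_to_revoke(GRANTS, {"TweetDeck"}):
        print("Revoke app:", g.name, sorted(g.permissions))
```

On the sample data the script reports the "Windows PC" login from an unknown region and the "Promo Claim App" grant, matching what a manual review of the two screens would single out.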

Review Login Devices

If a malicious login has occurred after an X account is stolen, users can view the devices currently logged in to the account and log out the suspicious device.

Check method: select "Log out the device shown" to log the account out of a specific device.

Security Settings

2FA Verification

Users can enable two-factor authentication (2FA) so that a leaked password alone is not enough to take over the account.

Configuration method: Settings → Security and account access → Security → Two-factor authentication

The following 2FA methods are available: SMS verification codes, authentication apps, and security keys. SMS codes share the SIM swap exposure described above, so an authentication app or a security key is the stronger choice.

Additional Password Protection

In addition to the account password and 2FA, users can enable additional password protection to further strengthen X account security.

Configuration method: Settings → Security and account access → Security → Additional password protection

Summary

Regularly checking authorized applications and login activity is key to keeping an account secure. The Veritas Protocol Security Team recommends that users regularly perform authorization checks on their X accounts following the steps above to strengthen account security and reduce the risk of attack. If you discover that your account has been compromised, immediately change your account password, perform the authorization checks, revoke suspicious authorizations, and tighten the account's security settings.