I was in the 250,000 or so users who “may” have had their Twitter account compromised last week. There has been a lot of speculation about whether or not this is connected to other security breaches elsewhere.
I changed my password and actually audited where else I may have used this password – hopefully I am clear.
However, during the process Twitter reminded me of all the other sites/apps/services I have OAuth’d with in the past few years.
WOW – ALMOST 200 APPS! (oops!)
I don’t think I have visited the full list of apps (where can you do this) in years. I methodically went through and disconnected many, many services. A ton of them have either been acquired, gone out of business, are defunct, or just seem random.
It feels good to do this housekeeping, but it’s also a dangerous reminder of the sheer number of services that had rights to my account.
When I was looking at companies at USV I must have connected my Twitter account to services multiple times per day/week/month – and I never kept track of them.
It’s a reminder to audit these connections every so often and make sure your machine-to-machine credentials are not in the wrong hands.