Experts at Sophos are advising all Twitter users to take immediate advantage of a new feature offered by the site – "Always use HTTPS".
"Twitter's new security option means that once you have logged in, all of your interaction with Twitter is encrypted automatically," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
“If you don't use HTTPS, impostors who listen in to your Twitter traffic can obtain your session key – a secret code that identifies you for as long as you're logged in. This means that they can impersonate you, posting any tweets on behalf of you or your company."
This type of impersonation is known as sidejacking, because it lets an impostor hijack your Twitter session while sitting somewhere alongside you.
"Every time you use unencrypted WiFi, in a coffee shop or airport lounge for example, any users sitting nearby could be sidejacking you. If you're a Twitter user, turn this new option on today," Myroff advises.
”This sort of online impersonation is embarrassing at best. At its worst, it could be reputation-trashing.”