Daryl Morey’s $50,000 Mistake Could Have Been Avoided. Here’s How To Check Permissions For Third-Party Apps

Daryl Morey’s $50,000 Mistake Could Have Been Avoided. Here’s How To Check Permissions For Third-Party Apps

BOSTON, MA – MARCH 3: Daryl Morey and Jessica Gelman pass a ping pong ball between each other during … [+] a portrait shoot in the Kraft Analytics Group office in Foxborough, MA on Feb. 3, 2020. The pair co-founded the Sloan Sports Analytics Conference at MIT and their self proclaimed “yin-yang” personalties play on each others managing styles and strong friendship. (Photo by Blake Nissen for The Boston Globe via Getty Images)

Boston Globe via Getty Images

Daryl Morey, the President of Basketball Operations for the Philadelphia 76ers, was fined $50,000 by the National Basketball Association (NBA) on Monday for tweeting about James Harden, a star player an a competing team. Under normal circumstances, this is a pretty cut and dry violation of the league’s anti-tampering rules — and one that is filled with intrigue, considering Harden plays for a team that previously employed Morey as General Manager.

The thing is, Morey never actually wrote the tweet, nor did he hit send on it. The tweet was actually an automated message sent by a third-party app called Twitter Memories.

Twitter Memories, which was developed by OnThisDay.me and is not associated with Twitter, is a pretty simple concept: it surfaces tweets that you sent out years prior on a given day. In Morey’s case, it pulled a tweet from one year earlier. At the time, he was still the general manager of the Rockets. In celebration of James Harden becoming the Houston Rockets’ all-time leader in assists, Morey tweeted out a graphic highlighting the achievement. The tweet was sent on December 20, 2019.

One year later, on December 20, 2020, the tweet was given new life by Twitter Memories. The app retweeted the original message with the text, “#OnThisDay 1 year(s) ago — twitter memories via onthisday.me.” While that’s a pretty mundane tweet in the grand scheme of things, it was enough to trip the NBA’s wire. Even though Morey deleted the tweet, the league hit him with a $50,000 fine simply for tweeting about an opposing team’s player.

Morey’s mistake was granting Twitter Memories, a third-party app, permissions on his Twitter account. When using the app, it asks for authorization to perform certain actions on your account. Those actions include: See Tweets from your timeline; see your Twitter profile information and account settings; see accounts you follow, mute, and block; follow and unfollow accounts for you; update your profile and account settings; create, manage, and delete Lists and collections for you; mute, block, and report accounts for you; and most crucially, post tweets for you. The app did just that for Morey, and a fine from the NBA league offices quickly followed.

To avoid the same fate as Morey, make sure to check all of the permissions that third-party apps ask for when giving them access to your account. Is there any reason an app designed to surface memories needs permission to block accounts for you, let alone post tweets under your name? Of course not! But in providing a relatively simple service, some apps get greedy and ask for extra, potentially permissions.

To check what third-party apps currently have access to your Twitter account, open the Security and privacy menu. Navigate to the Security and account access menu, select Apps and sessions, then Connected apps. Here, you’ll find all of the third-party apps that are currently connected and what kind of access they have to your account. Click on an individual app to see the details, and if you believe an app is accessing too much, simply click the Revoke Access button. This will remove the app’s ability to see or do anything with your Twitter account.

This simple security check could be enough to save you from an embarrassing accidental tweet or, if you happen to be a top executive for an NBA franchise, a $50,000 deduction on your next paycheck.