Twitter Hijacking Is Not Cool #NYCC

Twitter Hijacking Is Not Cool #NYCC

Today in News That’s Sketchy As Hell, here’s one of the worst social media gaffes we’ve seen in a very long time: New York Comic Con hijacking peoples’ Twitter accounts without their permission.

See, attendees at the convention this week were given the option to connect their Twitter accounts to their badges, as Mashable reports. This isn’t exactly unusual — in the world of Web 2.0, there are often valid reasons for linking your social media accounts to third parties: identity verification, cool contests… that sort of thing. What is unusual is when those third parties try to tweet for you without your permission.

Yep — someone at Comic Con thought it’d be a good idea to hijack attendees’ Twitter accounts and send out messages without asking. So if you happened to be following, say, Mashable‘s Chelsea Stark, or Polygon‘s Brian Crecente, you might have seen some casual, conversational messages about how amazing the show is.

— Chelsea Stark (@chelseabot) October 10, 2013

So much pop culture to digest! Can’t. handle. the. awesome. #NYCC
— Brian Crecente (@crecenteb) October 10, 2013

Then you might have noticed those folks noticing they’d been hijacked.

RT So much pop culture to digest! Can’t. handle. the. awesome. #NYCC This wasn’t me. It was NYCC tweeting for me :/
— Brian Crecente (@crecenteb) October 11, 2013

And pointing out that they’d never agreed to let NYCC tweet on their behalf.

@WadeKSavage I authorised the NYCC app through twitter, but it never clearly said: we’re posting for you. I know, because I HATE that stuff.
— Chelsea Stark (@chelseabot) October 11, 2013

Obviously, a lot people were pretty pissed about this whole thing. Who the hell wants a convention pretending to be them? IGN’s Greg Miller, for example:

Hey, @NY_Comic_Con. I did not Tweet this. What the hell? Your wifi? Your app?
— Greg Miller (@GameOverGreggy) October 11, 2013

Think these are real tweets?

Or these?

Seriously, this is one of the most heinous Internet gaffes I’ve ever seen. What social media expert thought people would react well to this?

Just this morning, New York Comic Con addressed everyone’s… concerns.

FYI – do not fret if #NYCC-ID tweeted as you yesterday! We shut this opt-in feature off so it won’t happen anymore. Have a blast at NYCC!
— New York Comic Con (@NY_Comic_Con) October 11, 2013

Notice the lack of apology, or regret, or explanation as to why they thought it’d be a good idea to hijack peoples’ Twitter accounts.

We’ve reached out to the folks who run New York Comic Con to ask what on earth they were thinking. We’ll let you know if we hear back.


  • 4 years ago I would have been shocked and disgusted. With the way social media works now though, I’m simply numb.

  • Well, app permissions are exceptionally vague. When you authorize access, you authorize access. They have done nothing illegal – immoral yes, and obviously wrong from an ethical/moral standpoint.

  • It wasn’t “hijacking” or “without permission”, it’s idiots agreeing to shit without reading.

    An effective way to keep companies from tweeting from your account is NOT TO GIVE THEM PERMISSION AND ACCESS TO DO IT.

    Sympathy level here is pretty low.

  • @WadeKSavage I authorised the NYCC app through twitter, but it never clearly said: we’re posting for you. I know, because I HATE that stuff.
    – Chelsea Stark (@chelseabot) October 11, 2013

    But… I don’t actually believe them. They must just be mistaken.

    I deal extensively with the Twitter API for work, and there is no way I’m aware of that you can send a tweet on an account’s behalf without first acquiring this permission via OAuth. At which point it tells you that it will be able to do so.

    • Yeah, from :
      Attendees had authorized NYCC to send tweets on their behalf when they had completed the online registration with their Twitter account

      I can understand why people wouldn’t expect it – applications usually only capture this permission to send stuff when you, say, click a button to share something. This is a valid reason to ask for the permission as it allows Twitter integration that makes the user’s life easier. But the application is also totally within its rights to send out any kind of promotional crap they want: they just have to be aware that people don’t like that, and deal with the consequences.

      So basically, it’s people giving too much liberty away, because it’s *usually* not a problem, and NYCC taking advantage of it in a socially unacceptable way. Nobody is doing anything wrong, per se, but it’s still ethically dodgy. Good news is that this incident should be enough to stop future events abusing this privilege, or even reconsider asking for it in the first place.

Show more comments

Comments are closed.

Log in to comment on this story!