As part of the centenary of Nelson Mandela's birth, the South African Reserve Bank (SARB) is encouraging South Africans to put themselves on a R100 note.
But its chosen way of doing so raises security concerns.
The #MadibaInMe campaign urges potential participants to "take a pledge by updating your profile picture with the Madiba frame, and sharing which values you want to pass on to your fellow South Africans with the hashtag."
Clicking on the "Pledge Now" button takes users to a third-party site not affiliated with the Reserve Bank: Twibbon.
Signing in to Twibbon with a Twitter account allows the site to post tweets on your behalf, follow people for you, and update your profile.
Use of the site also means surrendering private information to it. You can ask Twibbon to restrict its use of the information it collects – by sending an email, to which it promises to respond within 30 days.
The real danger, though, lies in Twibbon being compromised, says Microsoft's regional director for developer security, Troy Hunt.
The Reserve Bank's terms and conditions on its campaign website are great – for the Reserve Bank. Participants specifically absolve the SARB from any liability or damages, including those suffered through third-party sites such as Twibbon.
The Reserve Bank has not responded to Business Insider South Africa questions on its terms or use of Twibbon.
Receive a single email every morning with all our latest news: Sign up here.
Also from Business Insider South Africa: