its really possible and common thru the use of API. because some users dont know what an API means, its a way to give access to an external application to control your account. so if you give away your API to other website or untrusted application then its just the same as handing out your house key to a stranger and then you will be surprised how where they able to get inside your house.