This post was first published Nov. 2, 2009
Twitter has been plagued lately with people's accounts being infected, then sending out spam direct messages (DMs), such as "is this you", or "i found you here", or "look at this", or "i made $426.23 online today with ", or "I make money online with google. i learned how here", or "would you join my twibe", or "i sent you a gift, now you should send me a gift", or "i've added a twable", etc. [Update 5/2/12 10:19 PM: most common spam these days says something like "Hey somebody is saying really bad things about you....]
You most likely got infected by clicking on one of those links when you received it, and then doing something at the site it took you to.
I'm not a techie, and if I'm wrong I'd be pleased to be corrected, but in my opinion, if this happens to your account, the best way to deal with the situation is as follows:
1. Go to your profile "settings".
2. Change your password to a new password having a different length.
3. If there's a "connections" tab visible, go to it and revoke access to everything you see.
4. Clear your browser cache.
5. Exit your browser.
6. Log on to twitter again. Make sure there is no "connections" tab showing. If there is, revoke access again to everything, and repeat all of the above.
[Update 11/4/09 12:45 PM. 2 excellent additional suggestions from "Anonymous":]
7. Verify that your associated email hasn't changed.
8. If the password for associated email is the same as the twitter password, change your email password too.
And in the future, don't ever click on any DM link unless you're totally sure of it.
If you receive a spam DM there are basically 2 things to do:
1. if it's someone you don't know, block it and report as spam
2. if it's someone you do know, notify them that their account has been hacked (and if you like you can refer them to this article)
Also what I do now as a regular practice: any time I have to use an "OAuth" twitter application, after I'm done I go back to my profile "settings" "connections" tab, and revoke access to whatever is there.
(Short URL for this article: http://is.gd/4Le1K )
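The advice above about never clicking a DM link unless you are sure of it can be applied mechanically: a shortened link can be expanded by issuing HEAD requests and reading each Location header, so the final destination is known before anything is loaded in a browser. The following is an added example, not code from the original post. The host names in SAMPLE_REDIRECTS are constructed, and `live_head_location` is a hypothetical helper name for this example. The expansion routine takes the fetcher as a parameter so it can be exercised offline, and it stops on redirect loops and on overly long chains.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed sample redirect table (hypothetical hosts) standing in for the
# Location headers a HEAD request would return. None means "no redirect".
SAMPLE_REDIRECTS = {
    "http://short.example/abc": "http://tracker.example/go?x=1",
    "http://tracker.example/go?x=1": "https://landing.example/login-page",
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}


def sample_head_location(url):
    """Offline fetcher: look the URL up in the constructed table."""
    return SAMPLE_REDIRECTS.get(url)


def live_head_location(url, timeout=5):
    """Issue a single HEAD request and return its Location header, or None.

    Hypothetical helper for this example. It deliberately does not follow the
    redirect itself, so the destination page is never fetched or rendered.
    Note that a few shorteners answer HEAD with 405; those would need GET.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path, headers={"User-Agent": "link-preview/0.1"})
        resp = conn.getresponse()
        if 300 <= resp.status < 400:
            return resp.getheader("Location")
        return None
    finally:
        conn.close()


def expand_short_url(url, fetch_location, max_hops=10):
    """Follow redirects one hop at a time without loading any page.

    Returns (chain, status) where chain lists every URL visited in order and
    status is "final" (no further redirect), "loop" (a URL repeated), or
    "too_many_hops" (max_hops exceeded, chain is partial).
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        location = fetch_location(chain[-1])
        if location is None:
            return chain, "final"
        # Location may be relative; resolve it against the current URL.
        nxt = urljoin(chain[-1], location)
        if nxt in seen:
            chain.append(nxt)
            return chain, "loop"
        chain.append(nxt)
        seen.add(nxt)
    return chain, "too_many_hops"


if __name__ == "__main__":
    # Offline demonstration on the constructed table.
    for start in ("http://short.example/abc", "http://loop.example/a"):
        chain, status = expand_short_url(start, sample_head_location)
        print(status, " -> ".join(chain))
```

To preview a real link, pass `live_head_location` as the fetcher instead of `sample_head_location`; the chain it returns shows every intermediate tracker and the final host, which is what you want to look at before deciding whether the link is worth clicking.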
Wednesday, May 2, 2012
That is a very good practice and very good advice sir. :)
Changing your password can lock you out of your account:
We're currently researching reports from users who are locked out after trying to reset their passwords or change their email address or user names. This seems to affect new users as well as long term users; we do not advise changing your user name, email address, or password at this time. We will update Status with more news as it becomes available.
Update (Thursday 3:58pm): We’re still working on this problem, and encourage you not to make changes to your email address, password, or user name during this time.
This just happened to me yesterday and unfortunately I lost a lot of followers because of it... lesson learned. I'm tempted however to take a step further by reporting the owners of the site that folks were being linked to. Thanks Ray. I think I lost you too, but it looks like you're back with me :)
Should also
a) verify that your associated email hasn't changed
b) change the password on your associated email if the password is the same.
Anonymous, thank you for those 2 GREAT suggestions. I'm going to add them into the body of my blog post!!!
Ray, I agree Anonymous had great comments, but why are you still recommending people risk being locked out of their account by recommending they change their password?
Besides which, changing your Twitter password does NOT block all access to your account: http://j.mp/vre9c
I'm not usually one to give the folks at Twitter much credit BUT after my incident above, they did send me a notice informing me that they changed my password for me and that I needed to click a link to create a new one. Two problems I had with this:
1. I didn't trust them as a sender
2. They sent it a day after I discovered the attack and had already changed my password.
What could I do? I had to use the link they gave me and prayed that I wasn't being tricked again...
I would also immediately tweet that my account had been hacked to warn anyone watching, and then go through close followers and DM them a warning not to open any DMs from me containing links in case they missed it on the timeline.
I hope I never have to follow my own advice, and can anyone confirm it is safe to tweet before changing password etc? (I would save the DMs, which are time consuming, until I had secured my account from further harm).
Thanks for this advice. I did everything you suggested, but what about mobile apps like Tweetie2? Now that I have changed my password at Twitter, Tweetie2 is saying "error, cannot authenticate."
You mentioned OAUTH at the end of your article, and that's very important... never use a twitter app that doesn't use OAUTH. If you have to enter your username/pass from a place other than Twitter's interface (verify it's real too!), then you're asking for serious trouble.
I wrote up an article on Twitter security a while back that may be useful as well - especially related to OAUTH.
http://www.kettlewell.net/twitter-security-buyer-beware/
kettlewell....
you happen to be DEAD WRONG
the vast majority of the spam DM's are coming through OAuth security defects
if you're a tech person you should be familiar with the numerous tech advisories that have been written on OAuth security vulnerabilities
OAUTH may have its problems - true.
However, you need to be an accomplished and informed programmer/hacker to implement them.
But an HTML form integrated into a Twitter app that intercepts your user/pass can be done by your average Joe.
That's why I recommend OAUTH (vs no auth) And because it's under constant scrutiny it gets fixes to minimize such abuse.
I'm not a security guru by any stretch, so I haven't done any extensive research on the percentage of DM's that use OAUTH exploits. If you have some authoritative articles to share on the subject, I'd be grateful for the read and re-education.
Great advice, Ray!
Thanks, Lanae, much appreciated.
Kettlewell, here are a couple of advisories mentioning some of the potential problems with OAuth.
http://oauth.net/advisories/2009-1
http://wiki.github.com/mbleigh/twitter-auth/twitterauth-and-the-oauth-security-advisory
I personally have a feeling that more of the hacks have been from OAuth related security breaches than password related security breaches.
Thank you, I got hacked just now and followed these instructions. I hope it's stopped now... and I didn't get locked out...
Thanks Ray
It's an awful shock to the system when you get lots of emails about your account being hacked. I changed password now and checked out those connections but they don't seem to be anything to worry about as they are bona fide companies. Or are they? Ning, myspace, facebook, linkedIn, Ecademy and Wefollow
I wonder if there is another way they can hack?
There is so much going on with twitter you hardly know which link to click anymore. If you are going to retweet then you have to click the link to be sure that it is a worthwhile post. I do this all the time but on one occasion I was sent to a rather nasty site and could not get off it. Even when I clicked the little x top corner to close it down I was sent somewhere else even nastier. Then it froze my computer up. Has anyone else had these problems?
Karen
I don't know the answer, Karen, about the OAuth apps.
What I'm suggesting with them may be, in fact definitely is, overkill. But there are grave security problems with OAuth.
What I've started doing is to leave a few which I totally trust, and just revoke access to the others, or to those which I'm not using on a daily basis.
The security breaches aren't necessarily resolved by determining that the company is a reputable company.
I have a firefox add-on that shows you the full URL when you right-click on a shortened URL. It's great for twitter. http://www.voizle.com/ Click on "Mozilla Add-on"
Really surprised that step 1 isn't checking to ensure all software's up to date and the system's scanned for malware and viruses. Should always do that on any obviously compromised system before changing passwords. And these days with the possibility of using unsecured WIFI at netcafes, etc., one should also get to a known safe network as well.
Dear Anonymous
Your suggestions are of course well taken.
Experience has shown that when people take the steps outlined in the article, the problem with Twitter DM hacks is resolved..... but your good ideas should be considered as well.
thanks, this information was really helpful!!! i think the DMs have pretty much stopped for now:)
I just received a dm a few days ago from someone but I didn't click it at all.
Thanks will try to follow the steps above.
Thanks a bunch once again.