Wednesday, March 26, 2014

What to do if Twitter account hijacked & sending out spam DM's or tweets

This post was first published Nov. 2, 2009, and has been modified from time to time

Twitter is plagued by compromised accounts that send out spam direct messages (DMs) or tweets such as "is this you", "Hey somebody is saying really bad things about you", or other messages calculated to get you to click a link.

Most likely your own account was compromised when you clicked one of those links and then did something at the site it led to: typically typing your Twitter username and password into a look-alike login page, or approving an app the page asked you to authorize.

If this happens to your account:

1. Go to your profile "Settings".

2. Change your password to a new, strong one that you don't use anywhere else.

3. Go to Settings > Apps and revoke access to every app you see. Changing your password does not cut off apps that were already authorized; this step does.

4. Go to Settings > Account and make sure the email address is still yours, since a hijacker who changes it can have password resets sent to themselves. If your email account uses the same password, change that one too.

5. Sign out of Twitter, on your phone and other mobile devices as well as on your computer.

6. Clear your browser cache and cookies.

7. Exit your browser.

8. Restart the browser and log in to Twitter with your new password.

9. Go to Settings > Apps again to make sure that no app still has access.

And in the future, never click a link in a DM or tweet unless you are certain where it leads.

If you receive a spam DM or tweet, there are basically two things to do:

1. If it comes from an account you don't know, delete the DM or tweet.

2. If it comes from an account you do know, tell them that their account has been hijacked (and if you like, refer them to this article).

It's not a bad idea to visit your Settings > Apps page from time to time and look for unfamiliar apps. If you find any, revoke their access. If you need one of them later, you'll be prompted to authorize it again.
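The two rules above (delete lures from strangers, warn friends whose accounts send them) and the advice not to click unknown links can be turned into a small triage script. This is an added example, not code from the original post: the lure phrases, the shortener list, the sample inbox and the function names are all constructed for illustration.

```python
"""Triage of DMs/tweets for the hijack lures the post describes.

Added example, not code from the original post. The lure phrases,
the shortener list and the sample inbox are constructed for illustration.
"""
import http.client
import re
from urllib.parse import urlsplit

# Phrases the post quotes as typical lures, plus two of the same shape (assumed).
LURE_PHRASES = (
    "is this you",
    "saying really bad things about you",
    "saying bad things about you",
    "lol is this your pic",
)

# Link shorteners that hide the real destination behind a redirect (assumed list).
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "j.mp", "t.co", "tinyurl.com", "ow.ly", "is.gd"}

# Full URLs, or bare shortener links like "bit.ly/abc" that Twitter auto-links.
URL_RE = re.compile(
    r"""https?://[^\s<>"']+"""
    r"""|(?<![\w.])(?:bit\.ly|goo\.gl|j\.mp|t\.co|tinyurl\.com|ow\.ly|is\.gd)/[^\s<>"']+""",
    re.IGNORECASE,
)


def extract_urls(text):
    """Return the links in a message, normalised to start with a scheme."""
    urls = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        if not url.lower().startswith("http"):
            url = "http://" + url
        urls.append(url)
    return urls


def triage(message):
    """Classify one message dict {'sender', 'known', 'text'}.

    Returns (verdict, reasons). Verdicts follow the post's two rules: delete
    what comes from strangers, warn a known sender that they are hijacked.
    """
    lowered = message["text"].lower()
    urls = extract_urls(message["text"])
    reasons = []
    for phrase in LURE_PHRASES:
        if phrase in lowered:
            reasons.append("lure phrase: %r" % phrase)
            break
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            reasons.append("shortened link hides its destination: " + host)
    if urls and not message["known"]:
        reasons.append("link from an account you don't know")
    if not reasons:
        if urls:
            return "verify-out-of-band", ["link from a known account; confirm with them before opening"]
        return "ok", []
    if message["known"]:
        return "warn-sender", reasons   # their account, not yours, is the problem
    return "delete", reasons


def expand_short_url(url, timeout=5):
    """Return the first redirect target of a shortened link without visiting it.

    Sends a HEAD request and does not follow the redirect, so the landing
    page (where a credential-stealing form would be) is never loaded.
    Needs network access; not exercised by the offline sample below.
    """
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path, headers={"User-Agent": "dm-triage/1.0"})
        resp = conn.getresponse()
        if resp.status in (301, 302, 303, 307, 308):
            return resp.getheader("Location")
        return None
    finally:
        conn.close()


# Constructed sample inbox (not real messages).
SAMPLE_INBOX = [
    {"sender": "@friend_a", "known": True, "text": "hey is this you?? http://bit.ly/xyz123"},
    {"sender": "@randomacct99", "known": False, "text": "Somebody is saying really bad things about you goo.gl/abc12"},
    {"sender": "@friend_b", "known": True, "text": "See you at the meetup tomorrow, room 3B."},
    {"sender": "@friend_c", "known": True, "text": "Slides from today: https://example.com/talk.pdf"},
]


def triage_inbox(inbox=SAMPLE_INBOX):
    """Map each sender to its verdict."""
    return {m["sender"]: triage(m)[0] for m in inbox}


if __name__ == "__main__":
    for m in SAMPLE_INBOX:
        verdict, reasons = triage(m)
        print("%-14s %-20s %s" % (m["sender"], verdict, "; ".join(reasons)))
```

The `expand_short_url` helper is there for the case where you do want to know where a shortened link goes: it asks the shortener for the redirect target only and never loads the destination page, which is the safe way to peek behind bit.ly-style links.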

(Short URL for this article: http://goo.gl/0A01eD  )

39 comments:

  1. That is a very good practice and a very good advice sir. :)

  2. Changing your password can lock you out of your account:

    We’re currently researching reports from users who are locked out after trying to reset their passwords or change their email address or user names. This seems to affect new users as well as long term users; we do not advise changing your user name, email address, or password at this time. We will update Status with more news as it becomes available.

    Update (Thursday 3:58pm): We’re still working on this problem, and encourage you not to make changes to your email address, password, or user name during this time.

  3. This just happened to me yesterday and unfortunately I lost a lot of followers because of it... lesson learned. I'm tempted however to take a step further by reporting the owners of the site that folks were being linked to. Thanks Ray. I think I lost you too, but it looks like you're back with me :)

  4. Should also

    a) verify that your associated email hasn't changed

    b) change the password on your associated email if the password is the same.

  5. Anonymous, thank you for those 2 GREAT suggestions. I'm going to add them into the body of my blog post!!!

  6. Ray, I agree Anonymous had great comments, but why are you still recommending people risk being locked out of their account by recommending they change their password?

    Besides which changing your Twitter password does NOT block all access to your account: http://j.mp/vre9c

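The point made in the comment above, that a password change does not block all access to the account, is worth seeing mechanically. The following is an added example (mine, not the commenter's and not Twitter's code) that models the server-side state behind OAuth-style app access: each authorized app holds an access token and token secret and signs its API calls with them, so the user's password never enters that check. Class and method names are assumptions, and the signature scheme is simplified to HMAC-SHA256 over the request body rather than the OAuth 1.0a base string.

```python
"""Why rotating the password alone does not evict a hijacker's app.

Added example; not Twitter's code. Models the server-side state behind
OAuth-style app access. Names are assumed; the signing scheme is a
simplification (HMAC-SHA256 over the body, not the OAuth 1.0a base string).
"""
import hashlib
import hmac
import secrets


class Account:
    """Server-side record: password credential plus outstanding app tokens."""

    def __init__(self, username, password):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.password_hash = self._kdf(password, self.salt)
        self.app_tokens = {}   # access_token -> (app_name, token_secret)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    # --- password-based web login -------------------------------------
    def check_password(self, password):
        return hmac.compare_digest(self._kdf(password, self.salt), self.password_hash)

    def change_password(self, new_password):
        self.salt = secrets.token_bytes(16)
        self.password_hash = self._kdf(new_password, self.salt)
        # Note what does NOT happen here: self.app_tokens is untouched.

    # --- app access via tokens (what Settings > Apps manages) ------------
    def authorize_app(self, app_name):
        """What the OAuth approval screen ends with: the app gets a token pair."""
        token, token_secret = secrets.token_hex(16), secrets.token_hex(16)
        self.app_tokens[token] = (app_name, token_secret)
        return token, token_secret

    def revoke_app(self, token):
        self.app_tokens.pop(token, None)

    def revoke_all_apps(self):
        self.app_tokens.clear()

    def verify_app_request(self, token, body, signature):
        """The API's check for a signed call: only the token secret matters."""
        entry = self.app_tokens.get(token)
        if entry is None:
            return False
        expected = hmac.new(entry[1].encode(), body.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, signature)


def sign_app_request(token_secret, body):
    """Client side: what the (possibly malicious) app does for every API call."""
    return hmac.new(token_secret.encode(), body.encode(), hashlib.sha256).hexdigest()


def demo():
    """Walk through the post's steps and record which ones cut the app off."""
    acct = Account("victim", "correct horse battery staple")            # constructed
    token, token_secret = acct.authorize_app("totally-legit-quiz-app")  # the hijacker's app
    body = "POST /direct_messages/new text=is+this+you+http://bit.ly/xyz"
    sig = sign_app_request(token_secret, body)
    results = {}
    results["before_anything"] = acct.verify_app_request(token, body, sig)
    acct.change_password("a completely different and longer passphrase!")  # step 2
    results["old_password_still_works"] = acct.check_password("correct horse battery staple")
    results["after_password_change"] = acct.verify_app_request(token, body, sig)
    acct.revoke_all_apps()                                                  # step 3
    results["after_revoke"] = acct.verify_app_request(token, body, sig)
    return results


if __name__ == "__main__":
    for step, app_can_still_post in demo().items():
        print("%-26s app can still post: %s" % (step, app_can_still_post))
```

Run it and the app keeps posting after the password change and stops only after the tokens are revoked, which is why step 3 of the post matters as much as step 2.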
  7. I'm not usually one to give the folks at Twitter much credit BUT after my incident above, they did send me a notice informing me that they changed my password for me and that I needed to click a link to create a new one. Two problems I had with this:
    1. I didn't trust them as a sender
    2. They sent it a day after I discovered the attack and had already changed my password.
    What could I do? I had to use the link they gave me and prayed that I wasn't being tricked again...

  8. I would also immediately tweet that my account had been hacked to warn anyone watching, and then go through close followers and DM them a warning not to open any DMs from me containing links in case they missed it on the timeline.
    I hope I never have to follow my own advice, and can anyone confirm it is safe to tweet before changing password etc? (I would save the DMs which are time consuming until I had secured my account from further harm).

  9. Thanks for this advice. I did everything you suggested, but what about mobile apps like Tweetie2? Now that I have changed my password at Twitter, Tweetie2 is saying "error, cannot authenticate."

  10. You mentioned OAUTH at the end of your article, and that's very important... never use a Twitter app that doesn't use OAUTH. If you have to enter your username/pass from a place other than Twitter's interface (verify it's real too!), then you're asking for serious trouble.

    I wrote up an article on Twitter security a while back that may be useful as well - especially related to OAUTH.
    http://www.kettlewell.net/twitter-security-buyer-beware/

  11. kettlewell....

    you happen to be DEAD WRONG

    the vast majority of the spam DM's are coming through OAuth security defects

    if you're a tech person you should be familiar with the numerous tech advisories that have been written on OAuth security vulnerabilities

  12. OAUTH may have its problems - true.

    However, you need to be an accomplished and informed programmer/hacker to implement them.

    But an HTML form integrated into a Twitter app that intercepts your user/pass can be done by your average Joe.

    That's why I recommend OAUTH (vs no auth) And because it's under constant scrutiny it gets fixes to minimize such abuse.

    I'm not a security guru by any stretch, so I haven't done any extensive research on the percentage of DM's that use OAUTH exploits. If you have some authoritative articles to share on the subject, I'd be grateful for the read and re-education.

  13. Kettlewell, here are a couple of advisories mentioning some of the potential problems with OAuth.

    http://oauth.net/advisories/2009-1

    http://wiki.github.com/mbleigh/twitter-auth/twitterauth-and-the-oauth-security-advisory

    I personally have a feeling that more of the hacks have been from OAuth related security breaches than password related security breaches.

  14. Thank you, I got hacked just now and followed these instructions. I hope it's stopped now... and I didn't get locked out...

  15. Thanks Ray

    It's an awful shock to the system when you get lots of emails about your account being hacked. I changed my password now and checked out those connections, but they don't seem to be anything to worry about as they are bona fide companies. Or are they? Ning, MySpace, Facebook, LinkedIn, Ecademy and WeFollow.

    I wonder, is there another way they can hack?

    There is so much going on with Twitter you hardly know which link to click anymore. If you are going to retweet then you have to click the link to be sure that it is a worthwhile post. I do this all the time, but on one occasion I was sent to a rather nasty site and could not get off it. Even when I clicked the little x in the top corner to close it down I was sent somewhere else even nastier. Then it froze my computer up. Has anyone else had these problems?

    Karen

  16. I don't know the answer, Karen, about the OAuth apps.

    What I'm suggesting with them may be, in fact definitely is, overkill. But there are grave security problems with OAuth.

    What I've started doing is to leave a few which I totally trust, and just revoke access to the others, or to those which I'm not using on a daily basis.

    The security breaches aren't necessarily resolved by determining that the company is a reputable company.

  17. I have a Firefox add-on that shows you the full URL when you right-click on a shortened URL. It's great for Twitter. http://www.voizle.com/ Click on "Mozilla Add-on".

  18. Really surprised that step 1 isn't checking to ensure all software's up to date and the system's scanned for malware and viruses. Should always do that on any obviously compromised system before changing passwords. And these days with the possibility of using unsecured WIFI at netcafes, etc., one should also get to a known safe network as well.

  19. Dear Anonymous

    Your suggestions are of course well taken.

    Experience has shown that when people take the steps outlined in the article, the problem with Twitter DM hacks is resolved..... but your good ideas should be considered as well.

  20. thanks, this information was really helpful!!! i think the DMs have pretty much stopped for now:)

  21. I just received a DM a few days ago from someone, but I didn't click it at all.

    Thanks will try to follow the steps above.

    Thanks a bunch once again.

  22. I just got hacked a few days ago and I changed my password to stop it. However, the person clicked the "forgot your password?" button and changed my password. This is going on and on and on. Is there a way I can stop it????

  23. You should change password to new password of different length.

    You should revoke access to all apps.

    The only way they can change your password with the forgot your password link is if they have access to your email account. So you have much bigger problems than your twitter account.

    You'd better get a professional to help.

  24. Thanks Ray! I guess I can't stop this person by myself, but I was wondering, if I deactivate my account... will it help?

  25. In my opinion it's got nothing to do with your twitter account, it's got to do with someone hacking into your computer with a key reader, or something like that. You need serious professional tech help in my opinion and shouldn't use your computer until you do.

    The only thing Twitter's 'forgot your password' function does is send a reset to your email address.

    The only way it could be used by someone else to reset your password is if they had access to your emails.

  26. Thanks Ray! I wrote a similar post and incorporated your idea of checking to make sure the email address hasn't changed - very helpful. I'll make sure to give you a shoutout. :)

  27. I've changed my email and my password, and I've revoked access to all apps, but my Twitter account keeps following people. I even changed my email passwords! Please help me!

  28. I have no idea what your problem is. It seems to me you need a professional IT person to take a look at your computer.

  29. I use my iTouch, so it can't be my computer.

  30. Why can't they make the site more secure like FB? The exact same thing happened to me which you have mentioned above. Hate the hackers.

  31. I agree. It's a vulnerability which has existed for at least 4 years. I don't see why Twitter can't stop it.

  32. And can you sir please tell me if my account will be safe in future? I changed my password and revoked access to apps. Is there any chance of my account being hacked again?

  33. I can't give you assurances like that; I don't know the environment in which you operate.

    What I do know is that a common source of this problem is someone sending you a URL by DM, and you clicking on it.

    So if you don't click on URL's in DM's you will be safer.

  34. I'll make sure of that. I mostly use the Twitter Android app.
    Thank you very much anyway!

  35. Be sure to log out of Twitter on phones & mobile devices as well as computers.

  36. I agree. It's a vulnerability which has existed for at least 4 years. I don't see why Twitter can't stop it.

  37. Can you change your Twitter password while you are logged in somewhere else?


I have a few simple comment rules:

(a) No

1. rudeness
2. falsehood
3. deception
4. unfair tactics
5. comment spam
6. shilling or trolling

(b) stay on topic, and

(c) if you're anonymous, use a handle so we can distinguish you from other anonymous commenters.

Thanks for commenting.

Ray