Wednesday, March 26, 2014

What to do if Twitter account hijacked & sending out spam DM's or tweets

This post was first published Nov. 2, 2009, and has been modified from time to time

Twitter is often plagued with people's accounts being infected, then sending out spam direct messages (DM's) or tweets, such as "is this you", or "Hey somebody is saying really bad things about you", or other things calculated to tempt you to click on a link.

Probably the way you got infected was by clicking on one of those links when you received it, and then doing something at the site to which you were connected.

If this happens to your account:

1. Go to your profile "settings".

2. Change your password to a new password having a different length.

3. Go to Settings >Apps and revoke access to everything you see.

4. Go to Settings  > Account and make sure your email address is right.

5. Exit from Twitter.

6. Clear your browser cache.

7. Exit your browser.

8. Restart the browser, and log in to Twitter with your new password.

9. Go to Settings>Apps again to make sure that there are no apps which still have access.

And in the future, don't ever click on any DM or tweet link unless you're totally sure of it.

If you receive a spam DM or tweet there are basically 2 things to do:

1. if it's an account you don't know, delete the DM or tweet

2. if it's an account you do know, notify them that their account has been hacked (and if you like you can refer them to this article)

It's not a bad idea to visit your Settings > Apps page, from time to time, and see if there are any unfamiliar apps in there. If so, revoke access to them. If you need them in the future, you'll be prompted.

(Short URL for this article: http://goo.gl/0A01eD  )
Posted by raybeckerman at 8:53 PM

39 comments:

  1. Mohd HishamNovember 2, 2009 at 8:18 PM

    That is a very good practice and a very good advice sir. :)

    ReplyDelete
  2. DaveNovember 2, 2009 at 8:23 PM

    Changing your password can lock you out of your account:

    We’re currently researching reports from users who are locked out after trying to reset their passwords or change their email address or user names. This seems to affect new users as well as long term users; we do not advise changing your user name, email address, or password at this time. We will update Status with more news as it becomes available.

    Update (Thursday 3:58pm): We’re still working on this problem, and encourage you not to make changes to your email address, password, or user name during this time.

    ReplyDelete
  3. UnknownNovember 3, 2009 at 3:39 PM

    This just happened to me yesterday and unfortunately I lost alot of followers because of it...lesson learned. I'm tempted however to take a step further by reporting the owners of the site that folks were being linked to. Thanks Ray. I think I lost you too, but it looks like you're back with me :)

    ReplyDelete
  4. AnonymousNovember 4, 2009 at 10:43 AM

    Should also

    a) verify that your associated email hasn't changed

    b) change the password on your associated email if the password is the same.

    ReplyDelete
  5. raybeckermanNovember 4, 2009 at 12:44 PM

    Anonymous, thank you for those 2 GREAT suggestions. I'm going to add them into the body of my blog post!!!

    ReplyDelete
  6. DaveNovember 4, 2009 at 9:20 PM

    Ray, I agree Anonymous had great comments, but why are you still recommending people risk being locked out of their account by recommending they change their password?

    Besides which changing your Twitter password does NOT block all access to your account: http://j.mp/vre9c

    ReplyDelete
  7. UnknownNovember 5, 2009 at 10:14 AM

    I'm not usually one to give the folks at Twitter much credit BUT after my incident above, they did send me a notice informing me that they changed my password for me and that I needed to click a link to create a new one. Two problems I had with this:
    1. I didn't trust them as a sender
    2. They sent it a day after I discovered the attack and had already changed my password.
    What could I do? I had to use the link they gave me and prayed that I wasn't being tricked again...

    ReplyDelete
  8. CyberdoyleNovember 5, 2009 at 5:48 PM

    I would also immediately tweet that my account had been hacked to warn anyone watching, and then go through close followers and DM them a warning not to open any DMs from me containing links in case they missed it on the timeline.
    I hope I never have to follow my own advice, and can anyone confirm it is safe to tweet before changing password etc? (I would save the DMs which are time consuming until I had secured my account from further harm).

    ReplyDelete
  9. AnonymousNovember 11, 2009 at 5:12 AM

    Thanks for this advice. I did everything you suggested, but what about mobile apps like Tweetie2? Now that I have changed my password at Twitter, Tweetie2 is saying "error, cannot authenticate."

    ReplyDelete
  10. kettlewellNovember 11, 2009 at 10:08 AM

    You mentioned OAUTH at the end of your article, and that's very important... never use a twitter app that doesn't use OAUTH. If you have to enter your username/pass from a place other than twitters interface (verify it's real too!), then you're asking for serious trouble.

    I wrote up an article on Twitter security a while back that may be useful as well - especially related to OAUTH.
    http://www.kettlewell.net/twitter-security-buyer-beware/

    ReplyDelete
  11. raybeckermanNovember 11, 2009 at 12:29 PM

    kettlewell....

    you happen to be DEAD WRONG

    the vast majority of the spam DM's are coming through OAuth security defects

    if you're a tech person you should be familiar with the numerous tech advisories that have been written on OAuth security vulnerabilities

    ReplyDelete
  12. kettlewellNovember 11, 2009 at 12:47 PM

    OAUTH may have it's problems - true.

    However, you need to be an accomplished and informed programmer/hacker to implement them.

    But an HTML form integrated into a Twitter app that intercepts your user/pass can be done by your average Joe.

    That's why I recommend OAUTH (vs no auth) And because it's under constant scrutiny it gets fixes to minimize such abuse.

    I'm not a security guru by any stretch, so I haven't done any extensive research on the percentage of DM's that use OAUTH exploits. If you have some authoritative articles to share on the subject, I'd be grateful for the read and re-education.

    ReplyDelete
  13. noneyaDecember 9, 2009 at 3:17 PM

    Great advice, Ray!

    ReplyDelete
  14. raybeckermanDecember 9, 2009 at 3:27 PM

    Thanks, Lanae, much appreciated.

    ReplyDelete
  15. raybeckermanDecember 9, 2009 at 3:29 PM

    Kettlewell, here are a couple of advisories mentioning some of the potential problems with OAuth.

    http://oauth.net/advisories/2009-1

    http://wiki.github.com/mbleigh/twitter-auth/twitterauth-and-the-oauth-security-advisory

    I personally have a feeling that more of the hacks have been from OAuth related security breaches than password related security breaches.

    ReplyDelete
  16. HeatherinSFFebruary 20, 2010 at 8:05 PM

    Thank you, I got hacked just now and followed these instructions. I hope it's stopped now... and I didn't get locked out...

    ReplyDelete
  17. KarenFebruary 24, 2010 at 8:48 AM

    Thanks Ray

    It's an awful shock to the system when you get lots of emails about your account being hacked. I changed password now and checked out those connections but they don't seem to be anything to worry about as they are bonafide companies. Or are they? Ning,myspace,facebook,linkedIn,Ecademy and Wefollow

    I wonder is there another way they can hack?



    There is so much going on with twitter you hardly know which link to click anymore. If you are going to retweet then you have to click the link to be sure that it is a worthwhile post. I do this all the time but on one occasion I was sent to a rather nasty site and could not get off it. Even when I clicked the little x top corner to close it down I was sent somewhere else even nastier. Then it froze my computer up.Has anyone else had these probelms?

    Karen

    ReplyDelete
  18. raybeckermanFebruary 24, 2010 at 12:13 PM

    I don't know the answer, Karen, about the OAuth apps.

    What I'm suggesting with them may be, in fact definitely is, overkill. But there are grave security problems with OAuth.

    What I've started doing is to leave a few which I totally trust, and just revoke access to the others, or to those which I'm not using on a daily basis.

    The security breaches aren't necessarily resolved by determining that the company is a reputable company.

    ReplyDelete
  19. AustraliaVotesFebruary 26, 2010 at 2:59 AM

    I have a firefox add-on that shows you the full URL when you right-click on a shortened URL It's great for twitter. http://www.voizle.com/ Click on "Mozilla Add-on"

    ReplyDelete
  20. AnonymousFebruary 26, 2010 at 3:07 AM

    Really surprised that step 1 isn't checking to ensure all software's up to date and the system's scanned for malware and viruses. Should always do that on any obviously compromised system before changing passwords. And these days with the possibility of using unsecured WIFI at netcafes, etc., one should also get to a known safe network as well.

    ReplyDelete
  21. raybeckermanFebruary 26, 2010 at 11:13 AM

    Dear Anonymous

    Your suggestions are of course well taken.

    Experience has shown that when people take the steps outlined in the article, the problem with Twitter DM hacks is resolved..... but your good ideas should be considered as well.

    ReplyDelete
  22. EvaleenMay 8, 2012 at 8:59 AM

    thanks, this information was really helpful!!! i think the DMs have pretty much stopped for now:)

    ReplyDelete
  23. AnonymousMay 25, 2012 at 4:52 PM

    I just received a dm a few days ago from someone but I didnt click it at all.

    Thanks will try to follow the steps above.

    Thanks a bunch once again.

    ReplyDelete
  24. AnonymousJuly 21, 2012 at 3:26 PM

    I just got hacked a few days ago and I changed my password to stop it. However, the person clicked the "forgot your password?" button and changed my password. This is going on and on and on. Is there a way I can stop it????

    ReplyDelete
  25. raybeckermanJuly 21, 2012 at 11:05 PM

    You should change password to new password of different length.

    You should revoke access to all apps.

    The only way they can change your password with the forgot your password link is if they have access to your email account. So you have much bigger problems than your twitter account.

    You'd better get a professional to help.

    ReplyDelete
  26. AnonymousJuly 22, 2012 at 10:10 AM

    Thanks Ray! I guess I can't stop this person by myself, but I was wondering if I de-acctivate my account... Will it help?

    ReplyDelete
  27. raybeckermanJuly 22, 2012 at 12:38 PM

    In my opinion it's got nothing to do with your twitter account, it's got to do with someone hacking into your computer with a key reader, or something like that. You need serious professional tech help in my opinion and shouldn't use your computer until you do.

    The only thing Twitter's 'forgot your password' function does is send a reset to your email address.

    The only way it could be used by someone else to reset your password is if they had access to your emails.

    ReplyDelete
  28. StephanieAugust 20, 2012 at 4:12 PM

    Thanks Ray! I wrote a similar post and incorporated your idea of checking to make sure the email address hasn't changed - very helpful. I'll make sure to give you a shoutout. :)

    ReplyDelete
  29. MicahSeptember 9, 2012 at 5:23 PM

    I've changed my email my password & I've revoked access to all apps, but my twitter account keeps following people. I even changed my email passwords! Please help me!

    ReplyDelete
  30. raybeckermanSeptember 9, 2012 at 8:47 PM

    I have no idea what your problem is. It seems to me you need a professional IT person to take a look at your computer.

    ReplyDelete
  31. MicahSeptember 10, 2012 at 12:07 AM

    I use my itouch so it can't be my computer.

    ReplyDelete
  32. AnonymousSeptember 23, 2012 at 11:06 PM

    wy cant they make the site more secure lyk FB. the xact same thing happpnd to me which u hv mentioned above. hate the hackers

    ReplyDelete
  33. raybeckermanSeptember 23, 2012 at 11:49 PM

    I agree. It's a vulnerability which has existed for at least 4 years. I don't see why Twitter can't stop it.

    ReplyDelete
  34. AnonymousSeptember 24, 2012 at 4:36 AM

    And can u sir plz tel me if my account will be safe in future? i changed my password n revoked access to apps. Is there any chance of my account being hacked again?

    ReplyDelete
  35. raybeckermanSeptember 24, 2012 at 7:32 PM

    I can't give you assurances like that; I don't know the environment in which you operate.


    What I do know is that a common source of this problem is someone sending you a URL by DM, and you clicking it on.

    So if you don't click on URL's in DM's you will be safer.

    ReplyDelete
  36. AnonymousSeptember 25, 2012 at 3:14 AM

    I'll make sure of that. i mostly use the twitter android app.
    thank you very much anyways!

    ReplyDelete
  37. www.stephenpbrown.comOctober 17, 2012 at 12:07 AM

    Be sure to log out of Twitter on phones & mobile devices as well as computers.

    ReplyDelete
  38. jerseys cheapDecember 28, 2012 at 1:28 AM

    I agree. It's a vulnerability which has existed for at least 4 years. I don't see why Twitter can't stop it.

    ReplyDelete
  39. AnonymousJanuary 24, 2013 at 1:43 AM

    can you change your twitter password while you are logged in somewhere else

    ReplyDelete

I have a few simple comment rules:

(a) No

1. rudeness
2. falsehood
3. deception
4. unfair tactics
5. comment spam
6. shilling or trolling

(b) stay on topic, and

(c) if you're anonymous, use a handle so we can distinguish you from other anonymous commenters.

Thanks for commenting.

Ray

Subscribe to: Post Comments (Atom)