Today my Twitter account was hacked and unfortunately many of my followers had to suffer the consequences of ‘Twitter Spam’. Almost 300 of my followers received a DM from me that read “found this video of you lol (link)” or something like that. It’s a phishing site (learn more about phishing sites here) that takes you to a fake Twitter login page so it can retrieve your username and password and spam from your account.
There are many known issues and Twitter exploits that can send you off to another page, change your account details, send tweets, add or delete followers, etc.
Anyone who uses Twitter, has intermediate coding skills and some time on their hands can easily write a script that can be malicious. Not all exploits cause major damage or annoy your followers; some simply open pop-up windows or redirect you to pornographic sites. Either way it is a hassle.
What can I do to fix this?
If your Twitter account has been compromised there are some steps you can take to remedy the situation.
- Start by looking at who is following you. Unfollow anyone you don’t know or who looks dodgy.
- Check your authorized apps at http://twitter.com/account/… in case there’s something suspect to revoke. Thank you @JeromeParadis for this tip!
- File a ticket with Twitter Support (I wouldn’t hold your breath, but it’s worth a try).
Simple steps to stay safe!
There is no guarantee you will never be hacked. I’m very careful, yet it still happened to me.
- Follow the @spam profile and report Twitter spam via direct message.
- Never click on a link that looks dodgy. DM the sender first and ask if they sent it.
- Be careful when entering your Twitter credentials on 3rd party sites or applications. Check they are trustworthy first.
- Use a dedicated application like TweetDeck, TwitterFox or HootSuite. It’s much safer than tweeting through your browser; however, there is never a guarantee!
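The "check the link before you type your password" advice can be made concrete. The script below is an added example, not part of the original post: it lists the reasons a link should not be trusted as a Twitter login page. The trusted host list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts that serve the genuine Twitter login page.
TRUSTED_HOSTS = {"twitter.com", "www.twitter.com"}

def check_login_url(url):
    """Return reasons NOT to enter Twitter credentials at this URL.
    An empty list means none of the checks below fired."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        userinfo = parts.username
    except ValueError:
        return ["URL cannot be parsed"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if userinfo is not None:
        # In https://twitter.com@example.test/ the real host is example.test.
        reasons.append("userinfo before @ hides the real host")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        reasons.append("internationalised host, may imitate Latin letters")
    if host not in TRUSTED_HOSTS:
        if "twitter" in host:
            # Brand name used as a subdomain or inside a lookalike domain.
            reasons.append("host mentions twitter but is not twitter.com: " + host)
        else:
            reasons.append("host is not twitter.com: " + host)
    return reasons

# Constructed sample links (example.test is a reserved test domain).
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter.com/login",
    "https://twitter.com.login.example.test/session",
    "https://twitter.com@example.test/login",
    "https://tw\u0456tter.com/login",  # Cyrillic letter in place of Latin "i"
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = check_login_url(link) or ["no check fired"]
        print(ascii(link), "->", "; ".join(verdict))
```

An empty result only means the link passed these checks; it says nothing about whether a third-party site is safe to authorize.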
I’m still suffering the repercussions of being hacked. Twitter automatically reset my password due to suspicious behavior. Basically I reached my limit of 150 API calls and they shut me down. At least they recognized it was not me actually sending the tweets. After I reset my password I was locked out of TweetDeck and TwitterTools and Lifestream (WordPress plugins I use to syndicate my Twitter feed). The password reset did stop the spam and hopefully tomorrow I will be able to access my applications again.
I won’t stop using Twitter because of this experience. I’ll just have to be even more careful in the future.