What to Do if Your Twitter Gets Hacked

I don't go on Twitter as much as I probably should. So imagine my surprise when I logged on and found that I had a lot more followers than I remembered. I'd gone from a few hundred to over a thousand. It was pretty obvious that my Twitter had been hacked. The strangest thing is that they didn't tweet anything or even send any messages. They just followed a lot of followers. I guess I was part of a botnet for a while? Anyway, here's what I learned about what to do when your Twitter account gets hacked because their support team was utterly shite.

The first thing you want to do, obviously, is change your password. For whatever reason changing my password actually caused my account to be locked. Looking through my emails showed me that Twitter detected suspicious activity about a month ago but didn't actually lock my account or anything. It took me changing my password to protect my account for them to be like "Hey, we think your account was hacked so we need to change your password again." I changed my password, unfollowed all the new accounts, and hoped that would be the end of it.

Of course it wasn't.

The next day I was back to 1000 followers. See, Twitter doesn't log you out of apps when you change your password. Other services will typically log you out of all instances of your account when you change your password, but Twitter won't. This was when I emailed the support team, told them someone was accessing my account from an app, and asked if they could log me out of all instances of my account. Instead I got an email telling me *how to log on*. What a fucking waste of time.

That was when I got the bright idea to just search online for the answers. I should have done that right from the start really. That's when I learned that you aren't logged out of apps and services by changing your password. You have to go through your account settings to the "Apps" setting. From there revoke the access for everything that you aren't using and all the apps on there. That logs you out of everything. All you need to do is re-verify your actual app when you log back in. Or just leave it if you aren't using the app.

At that point I changed my password one more time. I went through three Twitter passwords in 24 hours. Bloody hell.

Well, there you have it. If you notice that your Twitter has been hacked, revoke access for all the apps in your settings, change your password, and grant permission to your own apps once more.
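Why revoking matters, as an added example that is not part of the original post and not Twitter's code: a toy Python model in which app tokens are stored separately from the password, so a password change leaves a forgotten app's token working until the grant is revoked. The `Account` class, the app name and the handles are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _hash(password):
    # Plain SHA-256 keeps the model short; real services use a slow password hash.
    return hashlib.sha256(password.encode()).hexdigest()


class Account:
    # Toy model (assumption): the password and app grants are stored separately.
    def __init__(self, password):
        self._pw_hash = _hash(password)
        self.app_tokens = {}    # token -> (app name, allowed actions)
        self.following = set()

    def authorize_app(self, password, app, actions):
        # "Allow access": the owner proves who they are, the app only gets a token.
        if not hmac.compare_digest(_hash(password), self._pw_hash):
            raise PermissionError("bad password")
        token = secrets.token_hex(16)
        self.app_tokens[token] = (app, frozenset(actions))
        return token

    def change_password(self, new_password):
        # As described in the post: existing app tokens are left untouched.
        self._pw_hash = _hash(new_password)

    def revoke_app(self, app):
        self.app_tokens = {t: g for t, g in self.app_tokens.items() if g[0] != app}

    def follow_as_app(self, token, target):
        # The token alone decides; the password is never consulted here.
        grant = self.app_tokens.get(token)
        if grant is None or "follow" not in grant[1]:
            return False
        self.following.add(target)
        return True


def demo():
    acct = Account("old-password")  # constructed sample values throughout
    token = acct.authorize_app("old-password", "forgotten-app", {"follow"})
    acct.change_password("new-password")
    after_change = acct.follow_as_app(token, "@constructed_1")
    acct.revoke_app("forgotten-app")
    after_revoke = acct.follow_as_app(token, "@constructed_2")
    return after_change, after_revoke, sorted(acct.following)
```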


  1. Hasn't happened to me on Twitter (yet). I don't understand how that sort of thing works - who does it benefit to break into an account to follow people?

  2. Interesting fact: I was in the first million users of Twitter.

    Hope your account is now secure.

  3. And here I thought "check your permissions" was pretty common knowledge for any service where you can give third parties access to account functionality. They don't reset when you change your password, because they aren't authenticated using your password. That'd be potentially unsecure! Instead, when you click "allow access" or whatever, Twitter sends the app a special "token" which it can then use to do at most the things you allowed it to. If you ever allowed a third party to follow others using your account, well, that's on you.
    Not the kind of news users like to hear, but a little "safe browsing 101" goes a long way. Stay safe!

  4. If my Twitter was hacked I doubt I would know, since I rarely use Twitter.

  5. I've found the exact same thing with Twitter. It's very easy to fall afoul of problems even when you've done next to nothing wrong, and it's a lot harder to actually get Twitter to fix it. I'm glad it's all good and working now anyway, Mark.

  6. Could someone hack our Twitter so we can get thousands of followers? Preferably without sending any spammy messages? Because that sounds like a pretty awesome problem to have.

  7. Yes, when you enable those apps some of them can take control of your account and do all kinds of crazy stuff. If you use your Twitter to comment on websites you have to enable an app, and it will show a disclaimer that you are giving them the authority to do A, B, D, and C, etc. You may have enabled it and forgotten about it.


