A compromised Twitter account: regaining control!
Posted by Celia Walter | 23 Feb, 2010
What is a compromised account, and how would you know?
If you notice that you have apparently been sending out tweets that you
were not aware of, or followers start to tell you that you've been
sending them Direct Messages that you didn't send, your account has
almost certainly been compromised.
A third-party application will have gained access to the account and is
tweeting and sending out DMs on your behalf. Very often such messages
are designed to entice someone to follow a link back to the malicious
application so that their account becomes compromised as well, or it
might link to a sex site or some other site that you'd really rather
not be associated with!
How did my account become compromised?
Almost certainly because you followed a link from someone that you
trusted yourself. That's why these things are so annoying, and why they
can spread across Twitter so quickly - you trust the people you follow,
and your followers trust you. In all probability, therefore, you clicked
on a link that you'd been sent. This might have taken you to another
page that looked exactly like the Twitter login page, and you may have
shrugged your shoulders and logged in again. However, this was NOT
Twitter - it was a page set up by the creator of the malicious
application, and it will now have captured your details.
You may then find that you get routed back to Twitter, leaving you
wondering what the message was all about, or it might take you to a
boring page which you will then leave. By then, however, the damage is
done.
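The look-alike login page described above is caught by checking the host in the address bar, not by how the page looks. The following is an added example, not part of the original post: a small JavaScript check built on the standard URL parser. The trusted host names, the HTTPS requirement, the function name checkLoginUrl and the sample links are assumptions constructed for illustration.

```javascript
// Added example: decide whether a URL really belongs to Twitter before
// typing a password into it. Uses the WHATWG URL parser (global in Node
// and in browsers), so the host seen here is the host the browser contacts.

// Assumption: the only hosts treated as genuine for login.
const TRUSTED_HOSTS = new Set(["twitter.com", "www.twitter.com"]);

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://twitter.com@other.example/" puts twitter.com in the userinfo
  // part; the real host is whatever follows the "@".
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials embedded before the host" };
  }
  // hostname is lower-cased and internationalised names arrive as
  // "xn--" punycode, so look-alike letters never equal the trusted name.
  const host = url.hostname.replace(/\.$/, "");
  if (!TRUSTED_HOSTS.has(host)) {
    return { ok: false, reason: "host is " + host };
  }
  return { ok: true, reason: "host is " + host };
}

// Constructed sample links, using the reserved .example TLD.
const SAMPLES = [
  "https://twitter.com/login",
  "https://TWITTER.com/login",
  "https://twitter.com.login.example/session",
  "https://twitter.com@login.example/",
  "https://tw\u0456tter.com/login", // Cyrillic "і" in place of Latin "i"
  "http://twitter.com/login",
];

for (const link of SAMPLES) {
  const { ok, reason } = checkLoginUrl(link);
  console.log((ok ? "OK     " : "REJECT ") + link + "  (" + reason + ")");
}
```

Only the first two sample links pass; the others fail on the host, the embedded credentials or the scheme, however convincing the page behind them looks.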
Help! My account is compromised - what do I do?
The good news is that you can regain control over your account quickly.
Make sure that you log into your account - I would go to the address
bar in the browser and type it in by hand (or follow this link to Twitter)
and log yourself in. Then go to your Settings page (top right-hand
corner), and click on Password. Change your password, verify it, and
confirm the change. Second, click on Connections. This will take you to
a list of third-party applications that you have allowed to access your
Twitter account. Run your eye down the list, and make sure you
recognise them all. If you don't, hold your mouse cursor over the
title, and check the site that it will take you to. If you still don't
recognise the application, click on 'Revoke Access'. This will tell
Twitter to stop allowing the resource to use your information. Don't
worry if you've made a mistake - you can always return to the
application website in the future and allow access again.
Congratulations - you now control your Twitter account again. But
remember - never trust anyone on Twitter, even close friends! If you've
been sent a DM with a link in it that you weren't expecting, ask them
what it is. If you see a link in a Tweet that you don't expect, or
which is out of character, check before clicking on it.
There is also a two-minute screencast to help you.