Friday, November 1, 2013

Fix it: Hacked Twitter account

Recently there is a spate of Twitter account that have been hacked and spewing out spam tweets and direct messages to followers that says

Hi someone is posting horrible things about you...

The shortened URL (address) and message may vary. Here is another variant:

Hi someone is saying nasty rumors about you...
But they all lead to and have a similar suppose: to steal your Twitter account login details so they (the hackers) can pose as you.

How to fix it? Well the solution is easy, change your Twitter account password. Also change any other accounts that use a similar password. If you don't know how to do this, see this Twitter support article. For your convenience the instructions have been copied over.

  1. From your logged in account, click Settings in the upper right hand top navigation bar.
  2. Click on the Password tab.
  3. Enter your current password.
  4. Choose your new password.
  5. Save your changes by clicking Save changes.

If you are unable to log in to your account, you may try resetting your password:

How to send yourself a password reset via email:

  1. Click the Forgot password? link. Or click here
  2. Enter your email address or Twitter username.
  3. Enter your mobile phone number, if prompted, in the format suggested. (Forgot your number? Contact support for assistance.)
  4. Check your email inbox. Twitter will immediately send a message to your account's email address.
  5. Click the reset link in that email.
  6. Choose a new password

How to send yourself a password reset via SMS:

If you've added your mobile number to your account in your Mobile settings, you may receive a password reset via SMS/text message.
  1. On a computer, go to the Forgot password? page and enter your username (or email address).
  2. Enter your mobile number.
  3. Select Reset via phone.
  4. Twitter will text you a six digit code that is valid for 15 minutes. 
  5. Enter this code on the Twitter website. Use the code given and enter it in the space given. You will then be prompted to change your password.
Not receiving the SMS code?
  • It may take up to a few minutes for you to receive the code.
  • If you do not receive it after a few minutes, try texting HELP to your Twitter short code to ensure you are receiving SMS notifications from Twitter. If you do not receive anything back, please review our SMS troubleshooting page or use the email password reset option above. 
If that doesn't work you may try contacting Twitter customer service. You may also want to check the apps you authorized to your account and remove any you don't recognize. To do this see this Twitter support article. For your convenience the instructions have been copied over.

How to revoke access or remove an application

  1. Review the applications you've connected in the Apps tab of your account settings.
  2. Click the Revoke Access button next to the application.

Clean up

Now that you've secured your account, you may want to clean up your post by deleting all the spammy tweets and direct messages. This can be done by either clicking on delete or on the symbol of the trash can or clicking on the tweet to expand it and them deleting it.


To avoid falling for phishing scams, always check the address bar of the browser or url. Most try to use a url similiar to the site they are trying to imitate. Therefore, check carefully. Avoid phishing, malware, and viruses by examining short URLs before visiting them. Find out where links really take you by expanding those pesky shortened URLs with LongUrl. Also, it is always best to go to the main website itself. In addition, ignore such message as others are spreading rumors about you since it is most likely fake and the account sending the message is compromised. It is also a good idea to keep an up to date AntiVirus on your computer, regardless of your operating system; yes, Apple Macs can get viruses too (see my list of blog posts debunking that myth). For PC I recommend use Norton Internet Security 2012 since I use it myself. Free reputable alternatives include (in no particular order) Avast, Comodo Internet Security, AVG AntiVirus, and Microsoft Security Essentials. Don't flame me if I have forgotten anything. There are many others security products but since I never used them "personally" and have never read about them before I can't recommend them; use them with caution as there are many "rogue" programs that are really malware that try to "trick" you into installing them. For Macs I recommend Norton Internet Security for Macs or Sophos free AntiVirus for Macs. Though I haven't personally tried that, it is made by a republe company with a history in the anti malware industry.