All of the sudden, the people who follow you on Twitter have complained that you’ve been sending them Direct Messages or open Tweets with links to spam sites or malware. The problem is, you didn’t send any of the messages and the last time you did Spam was right after a Hurricane (Spam really is good disaster food, but that’s a blog post for another day).
Obviously, your account has been compromised and someone is sending DM’s and Tweets without your knowledge or permission. What do you do?
First of all, don’t panic. Your personal information is almost certainly safe—there is very little information that you’ve given Twitter that could be used to steal your identity. But you do need to regain control of your account and doing so is easy.
Step 1: Follow this link and immediately revoke access to any applications that you’ve used very recently or simply don’t recognize. More than likely, the last one or two apps you’ve used is the culprit. But make sure you scroll through the entire list and revoke access to apps that you don’t recognize or authorized long ago and no longer use. I have two apps that can tweet on my behalf: Feedly and Windows Live Writer (the desktop application I use to write blog posts). That’s it.
Step 2: Follow this link and immediately change your password. More than likely, the rogue app that’s tweeting and DM-ing on your behalf isn’t malicious. Its author isn’t out to take over your account—his goal is to drive traffic to his site or his client sites. But if your twitter password is the same or similar to the password you’ve used on other sites, there’s a vulnerability that you need to address.
Make passwords hard to guess, please. Use a mix of uppercase and lowercase letters and add numbers (and special characters, if permitted). If a password is easy for you to remember, then it’s easy for a hacker to guess, especially if s/he knows you.
Step 3: Don’t grant access to applications on Twitter that you don’t absolutely need. There are lots of fun and tempting applications out there that sound great when you first encounter them. But once they’re in, everything that the app disclosed it could do, it eventually will do.
Step 4: Don’t feel bad or embarrassed if a Twitter app takes control of your timeline and starts DM-ing your friends. It happens a lot. I am following about 1,100 people and it’s a rare week when someone doesn’t send me a DM that says: “I can’t believe they’re saying this about you!” In just the last three months, some of the people I follow who’ve have had their accounts compromised include a prominent NCAA official, a talented journalist, a gifted print editor/columnist, a crack recruiting insider, two bloggers and an IT expert.