21.3.20

What to do if your Twitter account has been hacked?



Losing access to your account can be stressful, but there are steps you can take to get it back – and avoid getting hacked again


Many people who use social media are fans of the blue network, and by blue we mean light blue with a bird and character limit of 280 characters. Tomorrow, Twitter celebrates its 14th birthday and undeniably it has had an impact on our digital lives since its launch. Some people use it as a way to keep up with their favorite celebrities, others to have a quick overview of world affairs, while most usually use it to share opinions with their friends and the world in general.
But what if your Twitter account gets compromised or hacked?

How did I get hacked?
Everyone is a target – from celebrities to regular people. Even Jack Dorsey, Twitter’s CEO, has had his account compromised, although in his case the bad actors gained access using a SIM swapping attack. Criminals sometimes also have access to databases of previously compromised accounts on other services; these include emails, usernames, and passwords.

The now-defunct LeakedSource was one such repository from which hackers were able to obtain the information by running a username through it. If they can get back an email and previously used password, they try their luck with your Twitter. The accounts of Keith Richards of the Rolling Stones and Justin Bieber’s producer Dan Kanter were hacked this way.

Alternatively, such leaked data could be used for credential stuffing: the hackers would use bots to hammer the site with login attempts until they stumble upon the right combination. People often recycle their passwords, which makes the job of the ne’er-do-wells simpler.

You also could have fallen victim to a phishing campaign. It’s nothing to feel ashamed about; it happens sometimes, and phishing scams have gotten more complex. The scammers may have sent you an email with a link that redirects you to a website that looks exactly the same as Twitter, asking you to log in. By trying to log into this counterfeit Twitter, you essentially handed them the keys to your Twitter kingdom.

What are the signs that I was hacked?
The most obvious sign that you were hacked is that you’re locked out of your account. And by locked out, we mean you have been logged out of every device you’ve been using Twitter on and you can’t log in, no matter what you do or how hard you try.

Your first course of action is to try to change your password, by requesting an email from the password reset form; if you can get in, great: you can then perform a security audit. If you can’t get in, then you have to contact Twitter’s official support and hope they’ll help you recover your hacked account.

Besides getting hacked and locked out, your account can get compromised. There are a variety of telltale signs that may raise alarm bells. You may notice Direct Messages (DMs) you haven’t sent or tweets you didn’t write; your account may have followed or unfollowed accounts unbeknownst to you or even have blocked people. Twitter may alert you that your account has been compromised or that changes have been made to your account information, but you didn’t have a hand in that … those are all alarming signs.
There are a number of things Twitter recommends that you do immediately. Start with changing your password, then make sure your email account is secure; you should also revoke access to third-party applications that you don’t recognize and update your Twitter password in your trusted third-party applications. You can also take a peek at Twitter’s own security tips.

How not to get hacked again
Once you’ve gone through a compromised or hacked account scare, you probably want to lower the chances of that ever happening in the future. The simplest way to start making your account more secure is to create a new, stronger password or, if we might suggest, a strong passphrase. Just make sure that you haven’t recycled that passphrase for another account, since that makes it easier to compromise.

If you’re not a fan of holding all the passwords in your head, then a password manager could be a solution to your problems. You should also double down on your security and start using two-factor authentication (2FA), since adding an extra layer of security makes it harder for bad actors to invade your account.

Twitter supports a variety of 2FA options, such as authentication using text messages, hardware tokens or even software tokens. Actually, you shouldn’t use 2FA to secure only your Twitter account, but apply it as well to every non-Twitter account that allows the option. You can read up on the ins and outs of 2FA in our article.

On the eve of Twitter’s anniversary, we hope you didn’t get hacked, and that the suggestions we’ve made will help you take preventive measures to secure your account rather than reactive ones.