Losing access
to your account can be stressful, but there are steps you can take to get it
back – and avoid getting hacked again
Many people who use social
media are fans of the blue network, and by blue we mean light blue with a bird
and a limit of 280 characters. Tomorrow, Twitter celebrates its 14th birthday,
and undeniably it has had an impact on our digital lives since its launch. Some
people use it as a way to keep up with their favorite celebrities, others to
have a quick overview of world affairs, while most usually use it to share
opinions with their friends and the world in general.
But what if your Twitter
account gets compromised or hacked?
How did I get hacked?
Everyone is a target – from
celebrities to regular people. Even Jack Dorsey, Twitter’s CEO, has had his
account compromised, although in his case the bad actors gained access using
a SIM swapping attack. Criminals
sometimes also have access to databases of previously compromised accounts on
other services; these include emails, usernames, and passwords.
The now-defunct
LeakedSource was one such repository from which hackers were able to obtain the
information by running a username through it. If they can get back an email and
previously used password, they try their luck with your Twitter. The accounts
of Keith Richards of the Rolling Stones and Justin Bieber’s producer Dan Kanter
were hacked
this way.
Alternatively, this method
could be used for credential stuffing: the hackers would use bots to hammer the
site with login attempts until they stumble upon the right combination.
People often recycle their passwords, which makes the job of the ne’er-do-wells
simpler.
You also could have fallen
victim to a phishing campaign. It’s nothing to feel ashamed about; it happens
sometimes, and phishing scams have gotten more complex. The scammers may have
sent you an email with a link that redirects you to a website that looks
exactly the same as Twitter, asking you to log in. By trying to log into this
counterfeit Twitter, you essentially handed them the keys to your Twitter
kingdom.
What are the signs that I was hacked?
The most obvious sign that
you were hacked is that you’re locked out of your account. And by locked out,
we mean you have been logged out of every device you’ve been using Twitter on
and you can’t log in, no matter what you do or how hard you try.
Your first course of action
is to try to change your password, by requesting an email from the password
reset form; if you can get in, great: you can then perform a security audit. If
you can’t get in, then you have to contact Twitter’s official support and hope
they’ll help you recover your hacked
account.
Besides getting hacked and
locked out, your account can get compromised. There are a variety of telltale
signs that may raise alarm bells. You may notice Direct Messages (DMs) you
haven’t sent or tweets you didn’t write; your account may have followed or
unfollowed accounts unbeknownst to you or even have blocked people. Twitter may
alert you that your
account has been compromised or that changes have been made to your
account information, but you didn’t have a hand in that … those are all
alarming signs.
There are a number of things
Twitter recommends that you do immediately. Start with changing your
password, then make sure your email account is secure; you should also revoke
access to third-party applications that you don’t recognize and update your
Twitter password in your trusted third-party applications. You can also take a
peek at Twitter’s
own security tips.
How not to get hacked again
Once you’ve gone through a
compromised or hacked account scare, you probably want to lower the chances of
that ever happening in the future. The simplest way to start making your
account more secure is to create a new, stronger password or, if we might
suggest, a strong passphrase. Just make sure that you haven’t recycled that
passphrase for another account, since reuse makes it easier to compromise.
If you’re not a fan of
holding all the passwords in your head, then a password manager could be a
solution to your problems. You should also double down on your security and
start using two-factor
authentication (2FA),
since adding an extra layer of security makes it harder for bad actors to
invade your account.
Twitter supports a variety
of 2FA options, such as authentication using text messages, hardware tokens or
even software tokens. Actually, you shouldn’t use 2FA to secure only your
Twitter account; apply it as well to every non-Twitter account that offers
the option. You can read up on the ins
and outs of 2FA in our article.
On the eve of Twitter’s
anniversary, we hope you didn’t get hacked, and that the suggestions we’ve made
will help you take preventive measures to secure your account rather than
reactive ones.