Hacked Twitter Account
October 15, 2013 6:00 PM Subscribe
My old, dormant Twitter account recently started sending out direct messages to everyone on my list with spammy stuff. This happened within the last hour, and I just deactivated the account. The password for the Twitter account is different than the password for the email account that I set it up with. The password on the Twitter account hadn't been changed, and no tweets were sent from it (only DMs). Is this likely a third party app jacking the Twitter account (and therefore isolated) or should I be concerned about the establishing email account as well? I ask because this is my primary gmail account.
That happened to me about three weeks ago. Reset the password and kill third party app permissions. (I know when it happened because I had to look it up when Twitter force-changed my password this morning. Apparently it's going around.)
posted by immlass at 6:26 PM on October 15, 2013
posted by immlass at 6:26 PM on October 15, 2013
If you have a cell phone with text messaging, you should also check out 2-step verification for some peace of mind.
Basically, it texts you a code that you must type in to the computer before you log in. It acts as an extra layer of security (they must have access to your texts, as well as your password, to log in to your gmail account) and a notification in case someone attempts to log in.
The site mentions Android phones specifically but it works on other phones too (I have an iPhone).
posted by o310362 at 7:34 PM on October 15, 2013
Basically, it texts you a code that you must type in to the computer before you log in. It acts as an extra layer of security (they must have access to your texts, as well as your password, to log in to your gmail account) and a notification in case someone attempts to log in.
The site mentions Android phones specifically but it works on other phones too (I have an iPhone).
posted by o310362 at 7:34 PM on October 15, 2013
If your gmail account has an entirely different password, it is extremely unlikely that the gmail account is compromised: it is just a place that messages are sent by Twitter, Twitter never had the Gmail password, so hackers can't get into your email. My Twitter was suddenly compromised this past weekend, it showed a "Twitter for IOS" third-party connection I never authorized; I changed my password and disabled the third-party app and all is good, but I never worried about my email account once, because they're not really connected.
(One thought: if they got into your Twitter account, they know your email address and probably your name, so be vigilant if you get any notices from Twitter: they might be phishing emails from whoever compromised your Twitter account trying to regain access)
posted by AzraelBrown at 7:35 PM on October 15, 2013
(One thought: if they got into your Twitter account, they know your email address and probably your name, so be vigilant if you get any notices from Twitter: they might be phishing emails from whoever compromised your Twitter account trying to regain access)
posted by AzraelBrown at 7:35 PM on October 15, 2013
For peace of mind alone (since it's unlikely your mail account was compromised), I STRONGLY recommend to my friends and family that they look into Google's Two-Step Verification. It makes it much harder for a baddy to seize control of your accounts, and is not a huge imposition in terms of extra stuff you have to do.
posted by jenkinsEar at 7:56 PM on October 15, 2013
posted by jenkinsEar at 7:56 PM on October 15, 2013
This thread is closed to new comments.
You can (accidentally) give applications these permissions without giving up your password, likely that's what happened.
posted by straw at 6:19 PM on October 15, 2013