Invasive Twitter Snark
August 3, 2011 3:43 PM   Subscribe

Someone hacked my twitter. Besides changing the password, what should I do?

Today, after I got cat-called on the street yet again, when I was feeling pretty sick and tired of random guys talking to me, I tweeted this:

"The typical pick-up line I hear in NYC is "Hey hottie/gorgeous/nicetits/nicebooty/beautiful, can I talk to you a sec?" NO, DUDE. YOU CAN'T."

Then later today, I logged back into twitter and found this, posted under my username:

"Hey, Laura Jean -- this is a person hacking your twitter. Just to let you know, you aren't all that hot. OK??"

What in the world? Is twitter especially easy to hack? My password is one of those thousand years passwords. How was this done? What should I do? Mefi, I need guidance.
posted by whimsicalnymph to Computers & Internet (16 answers total)
 
Is your twitter password unique -- i.e., completely different from your other passwords, so they can't have gotten there from somewhere else? Are your password recovery options super strong? Is your email password/password recovery super strong? Has anyone had access to your computer recently? Have you logged into twitter (or something with a similar password) from any other computer recently?

I would change your twitter + any other possibly bad account passwords. Anything's hackable if someone got close enough.
posted by brainmouse at 3:47 PM on August 3, 2011


Response by poster: If it helps: I was logged into Twitter at Starbucks.
posted by whimsicalnymph at 3:47 PM on August 3, 2011


Or maybe you just think it was Starbucks' wireless network. Anyways, did you visit any other password protected site? Better change those accounts too.
posted by Foci for Analysis at 3:48 PM on August 3, 2011


Oh, if you weren't using https (which is, I believe, still only an option, not a default, with twitter?), you could have easily been firesheeped
posted by brainmouse at 3:49 PM on August 3, 2011 [3 favorites]


What @brainmouse just said. I would bet money that's what happened. It's very easy.
posted by chrisfromthelc at 3:56 PM on August 3, 2011


It could have been firesheeping.

Or you could have physically walked away from your computer, to go to the bathroom or pick up your drink? Network hacking happens, but it's vanishingly rare compared to the old-fashioned physical kind.
posted by drjimmy11 at 4:04 PM on August 3, 2011


Response by poster: Gah! I just changed all my passwords on the sites I visited today. Honestly, I would feel less weird about this whole thing if it had just been a spambot situation, but the personal address totally freaks me out.

Definitely considering deleting the account altogether.
posted by whimsicalnymph at 4:04 PM on August 3, 2011


Response by poster: Never walked away from my computer, btw.
posted by whimsicalnymph at 4:05 PM on August 3, 2011


Your name is printed right on your twitter page. Which is why I'm leaning towards them physically seeing your page and jumping on your keyboard when you weren't looking. Especially since every twitter page redirects to https.
posted by drjimmy11 at 4:07 PM on August 3, 2011


Hmm nevermind then.
posted by drjimmy11 at 4:07 PM on August 3, 2011


I would also make sure that there are no rogue applications connected.

Visit https://twitter.com/settings/applications while logged into Twitter, and it'll give you a list of everything currently connected. If something looks fishy, revoke access. You can always reconnect it later if you find out it was legitimate.
posted by chrisfromthelc at 4:11 PM on August 3, 2011


drjimmy -- I believe twitter only goes to https if you've selected that option in your settings. I'm pretty sure that the default is that it does not use https, see here & here -- they wouldn't have the option to enable it if it weren't already enabled. Whimsicalnymph, please be sure to enable https in twitter and facebook (where it's also only an option argh) by going to Account (in the upper right) --> Account Settings --> Security (on the left) --> Secure browsing. Everyone do this. Immediately.
posted by brainmouse at 4:11 PM on August 3, 2011


Response by poster: Secure browsing enabled, all external applications disabled.

*Deep breath.*

As one friend put it, "It's the age we live in."
posted by whimsicalnymph at 4:20 PM on August 3, 2011


You need to revoke your permissions for other apps. (You'll find this in the 'account' section). When my account got hacked, i revoked all the permissions except for tweetdeck and facebook (ie companies i trust), and that stopped the problem.
posted by Kololo at 5:38 PM on August 3, 2011


FYI, don't just revoke permissions to apps you don't recognize. A lot of hacking is done by apps that you've legitimately given access to, without realizing it was built/managed by unethical shitheads.
posted by Kololo at 5:40 PM on August 3, 2011


The complexity of this hack is about as complex as the "omg hacked by Lindzey lolz" status updates you see on facebook when someone forgets to log out. If this person had any actual skill beyond an ultra basic troll, they wouldn't respond in the way they did. Script kiddies brag about hacking. I wouldn't worry.
posted by TomMelee at 5:41 PM on August 3, 2011


« Older Help me find a song from my youth!   |   Trying to brace myself for the next blow Newer »
This thread is closed to new comments.