Like most out there, I have received lots of DMs from Twitter followers recently that would either not usually contact me or that are not following me. Now, I don’t believe my account has been compromised, and up until yesterday I didn’t do anything about others that had contacted me. On Friday, though, I received a couple of DMs from a family relation telling me I should see what others have been writing about me on Twitter. This caused me alarm, as I know they would not be bothered what was said about me, but I spoke to them and advised them they should change their password and check to see if their Twitter account had been used to authorise other applications, as a bit of a starter for 10. But today I received a mail-shot from and saw the Naked Security Twitter feed giving the best information I have seen so far. So I thought I’d share it. Thanks to all at Naked Security, as always very helpful and relevant information.
Best regards, Richard
Original Source: Naked Security: Many Naked Security readers email our tips email account every day asking for help when their online accounts are compromised.
I thought it might be a good idea to provide a step-by-step guide to recover from some common attacks people fall victim to, beginning with Twitter.
There are two primary methods for your Twitter account to become compromised. Either you authorized a malicious application to connect to your account, or your password was guessed/stolen.
The first thing to do as soon as you notice a problem is to scan your system with an up-to-date anti-virus product to be sure your machine isn’t infected and doesn’t have a keylogger installed. Next you need to set a new password. As always we recommend selecting a strong password that is unique for each website.
If mixing numbers, letters, punctuation and case is too complicated (because you aren’t using a password manager) then the most important thing to remember is that size *does* matter. Going long is better than something short with a number on the end.
Then you should review the applications you have granted access to your Twitter account. To view the list log in to Twitter, select your account in the upper-right corner and choose settings, then click on the Applications tab.
You’ll notice this account has a rogue application installed, Your Profile Views, that has already been suspended by Twitter.
You could just revoke access to any applications you don’t trust, but I recommend starting over and revoking all of them. You can simply reauthorize any applications you are actually using as you need them.
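As an added example that is not part of the original post or of Naked Security’s article, the Python script below illustrates the password step of the procedure above: it estimates the brute-force search space of a password from its length and the character classes it uses, and generates a fresh random password per site with the `secrets` module (the kind of value a password manager would store). The `_CLASSES` table, the class sizes, the function names and the sample passwords are my own assumptions, not anything from the article; the estimate is an optimistic upper bound because it assumes every character was chosen at random.

```python
import math
import secrets
import string

# Character classes used to estimate the search space an attacker must
# cover. Class sizes follow Python's string module (32 punctuation marks).
# This table is an assumption for the example, not a standard.
_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def search_space_bits(password: str) -> float:
    """Upper-bound strength estimate in bits: length * log2(alphabet size).

    The alphabet is the union of the character classes the password
    actually uses. This assumes every character was chosen at random;
    a dictionary word with a digit bolted on ("Password1") is far weaker
    than this number suggests, so treat it as an optimistic bound.
    """
    alphabet = sum(len(c) for c in _CLASSES if any(ch in c for ch in password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def generate_password(length: int = 20,
                      alphabet: str = string.ascii_letters + string.digits) -> str:
    """Generate a random password from the OS CSPRNG (secrets, not random).

    One call per site gives the unique-per-website password the article
    asks for; a password manager is the place to store the result.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(short_mixed: str, long_plain: str) -> dict:
    """Return rounded bit estimates for the two styles the article contrasts."""
    return {
        "short_mixed": round(search_space_bits(short_mixed), 1),
        "long_plain": round(search_space_bits(long_plain), 1),
    }


if __name__ == "__main__":
    # Constructed sample inputs: a 9-character "complex" password versus a
    # 20-character lowercase-only one.
    print(compare("Passw0rd!", "correcthorsebatterys"))
    print(generate_password())
```

Run as a script, the comparison shows the 20-character lowercase password at roughly 94 bits against roughly 59 bits for the 9-character mixed one, which is the "size does matter" point in numbers. The estimator rewards length even for predictable text, so the practical advice is to generate passwords rather than compose them, and to keep one per site.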
The last step is to tweet out an apology to your friends and be sure to alert the Twitter team by sending a message to @safety.
To stay aware of the latest scams and warnings, it is a good idea to follow @safety as well as @NakedSecurity, and even @spam if you wish to stay abreast of the latest spammer activity.
Corporate accounts often fall victim to hackers, most commonly because of insecure password choices and the need for multiple people to be able to tweet from the account to maintain 24/7 coverage.
There are some great solutions that can help you ensure the shared account has a good password without needing to share it.
Services like GroupTweet and HootSuite allow you to delegate tweeting to other user accounts and even moderate tweets before they are posted (in the paid versions).
This won’t prevent your employees from choosing a poor password for their own account, but with the moderation feature you can prevent any damage to your brand by accepting a bit of management overhead.
I hope this is helpful to those of you who need to recover your Twitter accounts and for those of us who have to help bail out our friends when they are in trouble.
I will continue to update this article with any additional insights posted in the comments and keep it as a living post.