Thankfully, Twitter will notify you if account information has been changed, or if your account appears to have been compromised, but it is important to be aware of these other tip-offs when Twitter does not catch the problem.
When we talk about inadequate password security, that can mean using the same password for multiple accounts, using a password that is too simple, sharing your password with people you cannot trust or over non-secure channels, or not changing your password regularly. If any of these apply to you and the way you handle your Twitter account, you will need to make adjustments to improve the security of your account, even if you are not immediately concerned about your Twitter account being compromised.
Generally speaking, a secure password is one that is not too short (at least 10 characters long), uses several different uppercase and lowercase letters, numbers, and other symbols, and is different from the passwords you use for other websites.
If you are not able to access your account, you can request a password reset by filling out the password reset form. Enter the phone number, email address, or username associated with your account and choose from the available options to reset your password.
If you are able to access your account and have changed your password, the next step is to limit any access that hackers may have to your account, as well as address additional information or accounts that may have been compromised.
As with your Twitter account, you will want to change your email password to a new, secure password that you have not used for any other accounts. While your email address may not have been directly compromised, you want to ensure that no one but yourself has access to this account.
Third-party apps can often be the original source of your Twitter account being hacked, so you will want to review what apps are linked to your account and remove any you no longer use, trust, or do not recognize.
Once you have reviewed your apps, review your sessions. This will show you what devices your account is logged in on, and will give you the option to log out of all other sessions, ensuring that your current, active device is the only device that is logged into your account.
One of the best ways to avoid your Twitter account being hacked, or to mitigate the damage if your account is hacked, is to stay aware of your account. Regularly check the devices that are logged in, the third-party apps that have access to your account, and any relevant settings or information on your account. In addition to your settings, check in with messages, tweets, followers, or any other aspects of your account where changes may indicate someone has accessed your account.
As we touched on earlier, Twitter has processes in place to detect and communicate with you about potential profile breaches, so pay attention to any communication from Twitter. That said, Twitter has warned that you should always be sure that communication is actually from Twitter, as many phishing attempts will reach out to you pretending to be associated with Twitter.
You can also update your privacy settings by going to Settings & Privacy, then Privacy and safety, and customizing your preferences. While these may not make your account more secure, they can give you more control over who sees what information.
While two-factor authentication is included in the security options, I highlight it because it is one of the best ways to protect your Twitter account. Two-factor authentication requires you to verify each account login with a second step, using your phone or an authentication app, in addition to your password. Thus, hackers attempting to access your account will not be able to get in without access to your phone or authentication app, making it much harder for your account to be compromised.
If a hacker accesses your Twitter account, the consequences can begin in minutes. Thankfully, there are steps you can take to recover, secure, and protect your account to keep this from happening. As more of our personal and professional interactions move online, it is more vital than ever to protect your information and keep your accounts safe.
ProPublica senior editor Eric Umansky invited Honan on the podcast this week to share his terrifying hacking ordeal. Among the topics they cover: How Honan started chatting with his hacker, and after deciding to write about it all, ended up promising not to prosecute.
You can read Honan's firsthand account of being hacked and having his digital life compromised on Wired, "How Apple and Amazon Security Flaws Led to My Epic Hacking." You can also download all of ProPublica's podcasts on iTunes.
Eric Umansky: Welcome to the MuckReads podcast. I'm Eric Umansky, a senior editor at ProPublica. For this week's episode, we're talking to Mat Honan, a senior writer for Wired who recently laid out his remarkable, and frankly horrifying, account of being hacked. Everything from his iPhone to his laptop to his Gmail, Twitter, family photos were all wiped clean after hackers broke into his account. They didn't do it by brute force or guessing his password. Instead, they used security loopholes from Amazon and Apple's customer service departments, and I urge everybody to go to Wired.com and read his very, very scary story.
Eric: Yeah, I hired Mat in 1990 something, and we've been in contact off and on since then. And I would actually say that the first time I first noticed that you got hacked when I noticed, basically, vile, racist diatribes coming from your Twitter account.
Mat: Certainly, yeah. I think it was probably in the first six months, eight months or so of when it was started. When I signed on, it was really easy to get a username, so I just used my first name as my username, which is M A T. One of the things that this group, the hacker who later got in touch with me claimed to belong to (I assume he does, because they posted some videos of it on their website), one of the things they do, or the main thing they seem to do, is grab Twitter handles. They've got post after post after post in their blog showing all these Twitter handles they've grabbed.
Eric: Two factor, by the way, just being this extra step verification process for Gmail that everybody's talking about now. It's like, this is what you have to do to protect yourself from not becoming Mat Honan again.
Mat: Yeah, which is not totally true, by the way. It would have protected my Google account. It would have done nothing for me with Apple. They saw this chain, really quickly. From Twitter, to Gmail, to .me, they were able to establish that right away. As soon as they saw the .me, they knew that they could basically get this Twitter handle.
Mat: Yes. Certainly in the hundreds of thousands. I'm not sure exactly how many. I'd guess around half a million, would be a guess. I had also logged into my personal Twitter account, so that if I was just logged in on the web, I wouldn't have to log out every time, and log back in again, if I needed to post something to Gizmodo's Twitter.
Well, I never actually cut that off. I couldn't have cut that off because it was done on the Gizmodo account, which I didn't have access to anymore. And Gizmodo didn't cut it off because they weren't aware that I had done this.
But the hackers, when they logged in, they saw right away that there was a second account linked on there. So, they jumped on Gizmodo's account and began, not only did they have my 14,000 followers, now they had Gizmodo's 400, 500, 600 however many thousand followers Gizmodo had as well they could spew racist stuff to.
And back to your original question, I don't know how... you never know how honest they're being. They claim they didn't know I was a journalist, but that certainly did amplify their voice and it certainly did, at least, bring the person who got in touch with me a large degree of notoriety he didn't previously have.
Eric: Right. So that brings me to one of the real things I've been wondering about it, and to be honest here, I don't know what the right answer is, but I think it's interesting to consider is, you decided, and it seems like pretty quickly, to write about this. You know? I'm just curious about your thought process on that. You had options. You could have decided not to give the attention and just gone to the cops. You could have laid it all out.
Mat: Oh, yeah. Yeah, yeah. They were sending me on my secondary Twitter account, when I set up a second Twitter account using my neighbor's computer so I could basically say, "Yes, I've been hacked. It's not me who's doing all this stuff. I wouldn't be saying that." At some point, one of the two of them, they claim there were two. There could have been one, there could have been 10, I have no idea to be perfectly honest. One of the two of them, though, sent me an "@" message. And I followed him, he followed me, and we started...
Mat: Just because of the things that he knew about my account and eventually would come to offer up some account passwords. He offered some detail, I'm not really comfortable getting into complete detail, but he offered some details that indicated to me that either he was the person who did it or that he was involved in it. There wouldn't have been other ways to know some of the things he knew, and some of those things I've been able to verify, even internally, with Apple. At first I just wanted to understand how, though, and I started talking to him and at one point he said, "Am I going to get in trouble for talking to you?" He said he's 19, but I get the impression he may even be younger than that. That was when I decided, yeah, I'm going to turn this into a story. I told him if he talked to me and helped me understand how he did it...
Eric: Which is to say, and that was actually going to be my next question, just to lay this out, you essentially said, "I am not going to press charges," right? In other words, you gave him...