My Twitter Account Was Hacked! It Can Happen To You Too.

The more accounts you have the more ways you can be hacked.

Well, it was an interesting night over at my house. It started at about 9:45 when I received an email from my friend TK Keanini, CTO of nCircle. He said he had been getting some Twitter spam (don't we all), but that it was from my account. He said it looked like someone had gotten into my Twitter account.

Well, after the initial post-traumatic stress flashback to the last time my online persona was hacked, I began to think rationally about what we were dealing with here. I logged into HootSuite, which I use for Twitter on my laptop. It didn't show any unusual activity: no Tweets from me, no DMs or mentions. All seemed normal. I wrote to TK and asked what he got from me. He sent me the direct message, which was something like this:

HAHAHAHA i cant belieeve whaaat you did in this videeoooo its soo sad its all over face book!!!! click here ( URL link deactivated).

Well, that was a pretty run-of-the-mill phishing attempt, and I didn't have to click the link to know that it was probably malware.

Next, I went to my actual Twitter page. Sure enough, it showed that I had sent and received about 25 direct messages, all in the span of the last half hour. None of them were from me, so it appeared that someone was sending messages from my Twitter account. I was also receiving these direct messages from other people, and it was the same message in each one. Were they also hacked? Was it some kind of ring? The direct messages were from people I didn't even recognize as accounts I was following.

The first thing I did at that point was immediately change my password and verify that all of the information in my profile was correct. Next, I put out a Tweet asking if anyone had gotten these DMs and if anyone knew anything about it. People who were not even listed on the Twitter page said they had received Twitter spam from me. They had all deleted it, as it was obviously spam.

More importantly, some of my friends in the Infosec community, like Chris Hoff, gave me some quick tips on what to do. I had to go into Twitter and deauthorize all of the apps and accounts connected to my Twitter account (Facebook, iPhone, LinkedIn, etc.). In my case that was nearly two dozen different apps. Once everything was deauthorized, I changed my password yet again. Of course, I did this with a random password generator that generates strong passwords.
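One point worth making explicit about the order of those steps: third-party app authorizations are OAuth tokens, which are independent of the account password, so revoking them is what actually cuts off a rogue app; a password change alone can leave an authorized app connected. As an added example (not from the original post or from any tool named in it), here is a small Python generator of the kind described above. It draws from the OS CSPRNG via the `secrets` module and sizes the password by an entropy target rather than a fixed length; the 80-bit target and the 94-character printable-ASCII alphabet are my assumptions, not the author's settings.

```python
import math
import secrets
import string

# Full printable ASCII minus space: 52 letters + 10 digits + 32 punctuation = 94 symbols.
# (Assumed alphabet; adjust if a site rejects some punctuation.)
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random password of `length` symbols
    drawn from an alphabet of `alphabet_size` symbols."""
    if length <= 0 or alphabet_size <= 1:
        return 0.0
    return length * math.log2(alphabet_size)


def length_for_entropy(min_bits: float, alphabet_size: int) -> int:
    """Smallest length whose entropy is at least `min_bits`."""
    return math.ceil(min_bits / math.log2(alphabet_size))


def has_all_classes(password: str) -> bool:
    """True if the password contains lower, upper, digit and punctuation."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def generate_password(min_bits: float = 80, alphabet: str = ALPHABET) -> str:
    """Generate a password from the OS CSPRNG (secrets.choice) with at least
    `min_bits` of entropy. Candidates missing a character class are
    rejected so the result passes typical composition rules; at this
    length the entropy lost to rejection is negligible."""
    length = length_for_entropy(min_bits, len(alphabet))
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


if __name__ == "__main__":
    pw = generate_password()
    bits = password_entropy_bits(len(pw), len(ALPHABET))
    print(f"{pw}  ({len(pw)} chars, about {bits:.1f} bits)")
    # For contrast, an 8-character all-lowercase password is only ~37.6 bits.
    print(f"8 lowercase chars: {password_entropy_bits(8, 26):.1f} bits")
```

The entropy figure is what matters when comparing generators: 13 symbols from a 94-symbol alphabet is a little over 80 bits, whereas an 8-character lowercase password is under 38. Paste the output straight into a password manager rather than retyping it.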

Then I sat back and watched to see if I could see anything else happening. Finally, after a few hours I went to bed hoping that I would not wake up to more Twitter spam from me.  

So far so good. It looks like nothing has been sent in 10+ hours. I still have not re-enabled any of the apps associated with Twitter. I think I will wait a little before doing that. When I do, I will turn them on one at a time and give each one a chance to show whether it was compromised.

Fun, fun, fun in the digital world. In my case I think the Twitter DM spam these folks are sending is not worth the trouble they went through to do it. Is anyone really going to click on that nonsense?

Did it have anything to do with the post I wrote on Twitter yesterday? Maybe someone didn't like it? I don't know. But here is the lesson: no matter what we do, we can all get hacked at any time. You should have a plan in place for what to do if it happens to you!
