What to do if your Twitter account gets hacked

Internet security is a hot-button topic, and with many of our readers emailing our tips address every day asking for help after their online accounts are compromised, I thought it would be useful to provide a step-by-step guide to recovering from some of the common attacks people fall victim to, beginning with Twitter.

There are two primary ways your Twitter account can be compromised: either you authorised a malicious application to connect to your account, or your password was guessed, phished or stolen.

The first thing to do as soon as you notice a problem is to scan your system with an up-to-date anti-virus product to make sure your machine isn't infected and doesn't have a keylogger installed. There is no point changing your password from a machine that is still sending every keystroke to the attacker.

Next, set a new password. As always, we recommend a strong password that is unique to each website, so that a password leaked from one site cannot be replayed against the others.

If mixing numbers, letters, punctuation and case is too complicated (because you aren't using a password manager), the most important thing to remember is that size does matter: a long passphrase is better than something short with a number tacked on the end, because every extra character multiplies the work an attacker has to do.
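To put a number on "going long beats going complex", here is an added example (not code from the original article) that estimates the brute-force search space for two constructed passwords: a short one using all four character classes and a long lowercase-only one. It also estimates the entropy of a passphrase built from randomly chosen words, assuming a 7776-word Diceware-style list. The character-based figure is an upper bound, since it treats the password as if it were chosen uniformly at random, which real dictionary-derived passwords are not; the word-based figure is the honest one for a passphrase.

```python
import math
import string

# Constructed example passwords for illustration (not from the original article).
SHORT_MIXED = "Tr0ub4dor&3"                # 11 chars, all four character classes
LONG_LOWER = "correcthorsebatterystaple"   # 25 chars, lowercase only

# Character classes used to size the alphabet an attacker must cover.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
]


def charset_size(password: str) -> int:
    """Size of the alphabet implied by the character classes present in the password."""
    size = 0
    for cls in CLASSES:
        if any(c in cls for c in password):
            size += len(cls)
    # Characters outside the four classes (e.g. non-ASCII) each add one symbol.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size


def brute_force_bits(password: str) -> float:
    """Bits of work for an attacker who must try every string of this length
    over this alphabet. Upper bound: assumes the password was chosen uniformly
    at random, which words-with-substitutions like Tr0ub4dor&3 are not."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count: int, wordlist_size: int = 7776) -> float:
    """Entropy of a passphrase whose words were drawn at random from a wordlist.
    7776 is the size of a standard Diceware list (an assumption for this example)."""
    return word_count * math.log2(wordlist_size)


def longer_wins(short_mixed: str, long_simple: str) -> bool:
    """True when the longer, simpler password offers more brute-force work."""
    return brute_force_bits(long_simple) > brute_force_bits(short_mixed)


if __name__ == "__main__":
    for pw in (SHORT_MIXED, LONG_LOWER):
        print(f"{pw!r:30} alphabet={charset_size(pw):3} bits={brute_force_bits(pw):6.1f}")
    print(f"4 random Diceware words: {passphrase_bits(4):.1f} bits")
    print(f"6 random Diceware words: {passphrase_bits(6):.1f} bits")
```

The 25-character lowercase string comes out at roughly 117 bits of search space against about 72 for the 11-character mixed one, and four truly random Diceware words sit near 52 bits, which is why the advice is to use several random words rather than one clever one.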

Then review the applications you have granted access to your Twitter account. To view the list, log in to Twitter, select your account in the upper-right corner, choose Settings, then click the Applications tab.

You'll notice that this example account has a rogue application installed, Your Profile Views, which Twitter has already suspended.

You could just revoke access for the applications you don't recognise, but I recommend starting over and revoking all of them. Changing your password does not by itself invalidate the access tokens these applications hold, so a malicious app keeps posting until you revoke it. You can simply reauthorise any applications you actually use as you need them.

The last step is to tweet an apology to your friends, so they know to ignore anything posted while the account was hijacked, and to alert the Twitter team by sending a message to @safety.

To stay aware of the latest scams and warnings, it is a good idea to follow @safety as well as @NakedSecurity, and even @spam if you wish to stay abreast of the latest spammer activity.

Corporate accounts often fall victim too, most commonly because of poorly chosen passwords combined with the need for several people to tweet from the same account to maintain 24/7 coverage, which means the password gets passed around.

There are some great solutions that can help you ensure the shared account has a good password without needing to share it.

Services like GroupTweet and HootSuite allow you to delegate tweeting to other user accounts and even moderate tweets before they are posted (in the paid versions).

This won't stop employees choosing a poor password for their own accounts, but with the moderation feature you can prevent damage to your brand at the cost of a little management overhead, and the compromise of one employee's account no longer exposes the brand account's password.

Naked Security reader @PeterVogel pointed out that hackers will often change the password on your Twitter account, locking you out from performing the above steps.

If your password has been changed, use the Twitter password reset form, which sends a reset link to the email address registered on the account. If that doesn't work (for example, because the attacker also changed the email address), contact Twitter support.

I hope this is helpful to those of you who need to recover your Twitter accounts and for those of us who have to help bail out our friends when they are in trouble.

Chester Wisniewski is a senior security advisor at Sophos Canada.