If you have gotten your Twitter account hacked because you’ve clicked on a phishing scam link, here’s how to get it cleaned up. Otherwise you might find yourself on lists you don’t want to be on.
Edited to add: Also, periodically check your sent tweets to see what your account has been doing without you! (Hat tip to @cspenn.)
Step 1: Stop clicking the links that get you hacked in the first place. Even if you know the person, consider the message that’s accompanying the link. If it sounds suspicious it probably is.
Step 2: No seriously. Stop.
Step 3: If you are still logged into your account, log out.
Step 4: Clear your browser cache and close out of it completely. (If you have numerous tabs open and don’t want to lose them? Save them as a group in a folder.)
Step 5: Re-open your browser, go to Twitter and change your password. No, don’t use the same password.
Step 6: Go to settings -> connections. Revoke access to any OAuth permissions that are suspicious or that you aren’t actually using. Remember these hacks almost always require you to login or give them permission via OAuth, make sure you trust the companies/people you grant permissions.
Step 7: Report the hack to Twitter then delete any tweets from unauthorized access. Prevent others from following the link from your hacked tweet.
Step 8: Post to your blog (i.e. somewhere other than Twitter) to let people/friends/followers know that you’ve been hacked, not to click on links that seems suspicious and when your account has been secured.
If you need help with the clean up or want more advice on how to prevent your account from being hacked you can contact me. I consult on a number of different topics including social meda, manage WordPress maintenance, and help clients manage their time effectively.
Find this post helpful? Please subscribe to our RSS feed!
Tags: OAuth, phishing, Twitter, Twitter phishing
Geeky personal assistant learning to become more ninja warrior. Ms. Magepants, indie music lover, lead org PCBoston. Saving people's sanity since 2007. 
Social comments and analytics for this post…
This post was mentioned on Twitter by cspenn: @stacykatz http://bit.ly/2cpTyh...
Great information. the only thing I think you left out was Step 9 – Again, stop clicking on links that you don't know what they are *grin*
Ha! I thought step 2 was pretty blunt though
[...] Recovering from Twitter Phishing – Nice little how-to. via @chelpixie on Twitter. [...]
Thank you. I just subscribed. Hope you do well.
BMoreKarl
A great, accessible summary of what to do – thanks!
i was kind of afraid to click the link from your twitter, suspecting that the phisher as so clever now that they were trying to trick folks by pretending to help them out with anti-phising advice. lol!
i had to change my password to get rid of a stupid daily astrology forecast app awhile back. i didn't know about that revoke access option. i'm gonna go check mine out immediately. thanks, for the info, sweetie!
Hey Chel,
Excellent post and timely it would seem–the DM's w/ funky messages are piling up. I'll share this with the poor benighted “phishees” and anyone else who will listen!
Warmly,
(your Twittermate) Allen
Thanks for subscribing!
Happy to be helpful!
Ha! I see your point. Happily I can report that I haven't clicked a bad link yet
Glad I helped and happy to see your face
Hey Allen!
Thanks for sharing it around. Happy it might help someone out when they need it
[...] [ chris brogan ] If you’ve been seeing tweets from people with suspicious links in them, or worse, if you’ve been sending those tweets without realising it, you’ll want to follow these steps: Recovering from Twitter Phishing. [...]
[...] Read More Here… Share and Enjoy: [...]
http://status.twitter.com/post/212318608/resear...
You can be “locked out after trying to reset your password”
Twitter “encourages you not to make changes to your email address, password, or user name during this time.”
Quantum,
As there is zero mention of the phishing scheme in that post I'd say it's unrelated.
I had some problems during this the time they were having issues with this that kept locking me out of my account even without the changes listed. They have since resolved that problem for me. I'm not sure if that's Twitter wide resolution.
As always, take these steps if you're comfortable with them. If you aren't, then don't. At the very least contact Twitter to alert them you've been hacked.
I'd follow the steps above to prevent the DMs from spreading to other users which creates a bigger problem.
-Chel
Great information as people have been warned and when they end up on lists that they do not want to be on there is no crying.
I cannot believe that people click links even from people that they know that seem out of character or suspicious.
Thanks for the reminder and info.
[...] Michelle Wolverton at ChellePixie wrote a great post about how to recover from these Twitter phishing attacks. [...]
[...] 20:59 Ed finds a WordPress Hack on MOC.com – Two security plugins: WordPress Exploit Scanner, WordPress Security Scan, Shel’s 8 Steps to Clean Up after a Twitter Compromise [...]
In Tweetdeck, when you click on bit.ly links, it will preview the link so you can see what it's shortened from, before proceeding. I'm not sure if that's a default setting or one I changed to make so. In fact, adding the plus sign (+) after any bit.ly link takes you to the Info page.
[...] you’ve somehow clicked and authorized the app to access your Twitter account, go to this link and follow the instructions to recover from the phishing attack. Thanks! Categories: [...]
Yep, as long as your signed into bit.ly via Tweetdeck it'll put that option in place for you. I'm not sure if you need to remain signed into bit.ly as well in your browser.
I may not have been hacked but only received some of these DM's. How do you know? I noticed them 2-3 days ago, never clicked on them, do not get repeats.
Check your sent DM regularly. If you see something that you didn't send and it reads spamy then you've probably been hacked.
And don't click on them and you should be fine
[...] RT @LisaHoffman: “Change public relations to people relations” – @ConversationAge#blogwell Recovering from Twitter Phishing Via @mikepfs Heard from a lot of phishing victims this week. Michelle Wolverton gives tips on what [...]
[...] Recovering from Twitter Phishing [...]
Great tips – thanks to @ChrisPenn for RTing the link to this. I saw this post before, and thought I had bookmarked it, but couldn't
' find it. The only thing I would do differently is send the tweet 1st that says yr account has been hacked, then go do all of the rest of the items on the list! The other thing I would do it to reteweet this post out, is that if anyone in your twitter stream did get hacked, they can get themselves out of it.
Oh, How I wish I had seen this about a week earlier. Hundreds of messages about some IQ Quiz were sent out over my name and I didn't know how to stop them. I tweeted for help and some kind soul suggested I change my password. I did that but was locked out of my account and couldn't reach anyone for help. I then opened a new Twitter account with a new name managed to access my old account and one by one followed my previous list. It took a lot of time and the whole experience has been a nightmare.
Had I known what to do I could have saved a lot of time and angst.
Your advice is well taken. Thank you!
That darned Imogeen Heap, I just new she was up to no good!
[...] Recovering from Twitter Phishing (chelpixie.com) [...]
[...] the email marketing campaigns of the top online retailers to reveal tre… 1 Likes Recovering from Twitter Phishing – Recover your account from Twitter phishing attacks. 1 Likes The Definitive Guide to [...]
[...] Recovering from Twitter Phishing [...]
I just did the same thing! I clicked over from your bio. I've never been hacked but knock knock. Now I know what to do should one day my guard be down and there really IS an embarrassing picture of me out there. Thanks!
[...] Sometimes, though, changing your password isn’t enough. To make sure you totally eradicate the problem, you can follow the steps in Michelle Wolverton’s post Recovering from Twitter Phishing. [...]
[...] I veckan blev mitt twitterkonto kapat. Konsekvensen blev att mina twittervänner utsattes för spammeddelanden skickade från mitt konto, med syftet att även kapa deras konton. Jag fick som tur var snabbt hjälp att lösa problemet, av bl.a. @kwasbeb, @RudolfChristian och @Fjallraven_Swe. Stort tack! Skulle också du råka ut för en kapning finns receptet på hur du fritar ditt twitterkonto här. [...]
[...] Recovering from Twitter phishingEn inte helt relevant guide dessa dagar. Många spam-DM i min inkorg från många av mina Twitter-vänner just nu. [...]
Hee. You could always ask the friend if the embarrassing photo link he or she sent is real before you click.
Sorry to hear you were hacked so badly! Hopefully this will serve you if it happens again in the future!
Chris is super awesome about spreading the word!
My reasoning for sending users through the process of changing passwords first is to stop the damage and spread of the DMs by cutting off access to their account. If folks catch it quickly enough it'll be easier to contain.
Please feel free to share the post. I'm happy that it's helping so many people in the community recover from being hacked.
I have been hacked people tell me. Apparently someone used my twitter name and sent disgusting tweets to people on my act..I am so upset. First I changed my password. But I'll go back and see what else I can do. If I'm not sure it's over I might contact you!!! Kim (on twitter) gave me your name.Thanks and I'll be in touch.What do we have but our communication on twitter-so embarresed the men recieved things I would not dream of saying(some were to polite to ask if I wrote those!-eeeks)(dylangirl99)
[...] Här kan du läsa om hur du skyddar dig. Dela/Bokmärk [...]
Feel free to contact me if you need help.
Thank goodness you have this info. When “it” happens you can’t find info quick enough! Friends thought I was sending lewd+gross DMs!How embarrasing! Men were shy to come out +say it +finally a female friend just came out with it! I almost passed out! Integrity is everything so I wrote 2 Kim+ she had me reach you-thanks so much!!! Of course I never really heard what they said (as me)I was told I would not want to know! But assume they all know I would never talk that way.I followed all your steps however-I will not hesitate to reach out for your expertise.Thanks so much again.
Thank goodness you have this info. When “it” happens you can't find info quick enough! Friends thought I was sending lewd+gross DMs!How embarrasing! Men were shy to come out +say it +finally a female friend just came out with it! I almost passed out! Integrity is everything so I wrote 2 Kim+ she had me reach you-thanks so much!!! Of course I never really heard what they said (as me)I was told I would not want to know! But assume they all know I would never talk that way.I followed all your steps however-I will not hesitate to reach out for your expertise.Thanks so much again.
Thank goodness you have this info. When “it” happens you can't find info quick enough! Friends thought I was sending lewd+gross DMs!How embarrasing! Men were shy to come out +say it +finally a female friend just came out with it! I almost passed out! Integrity is everything so I wrote 2 Kim+ she had me reach you-thanks so much!!! Of course I never really heard what they said (as me)I was told I would not want to know! But assume they all know I would never talk that way.I followed all your steps however-I will not hesitate to reach out for your expertise.Thanks so much again.