Hacking isn’t something new to Twitter, but it’s generally been easy to get your account back through Twitter tech support, though not always quickly. For most accounts it’s not much more than embarrassing and annoying. For brands, of course, it can be a bigger deal. HBO was recently hacked, and the hackers threatened to release scripts from popular shows like Game of Thrones, Silicon Valley, Vinyl and others. They also posted tweets like “let’s make #HBOHacked trending!” on the HBO account.
Sometimes hackers use the applications you connected to Twitter in order to hack into your account. You might have given apps like @Thecounter (Hacked in March 2017) permission to post for you, then forget you did that, and suddenly you see spam on your account. Or, like @AmnestyInternational, and @Unicef, you find Nazi symbols and Turkish slogans showing up on your account. Not good.
The Verge recently reported a new scheme
It’s called a “DoubleSwitch” attack. They start with a basic takeover of your account, then change the user name on your account, sometimes several times. Then they create a new account with the original user name, sometimes keeping your picture and description, and post whatever fake news or spam they want to.When you try to recover your password for the account you find the email used is no longer the same, it belongs to the hacker.
From your followers perspective, they won’t be following the fake account with your name unless they’ve added your username to a list etc. If they do a search to find your username they’ll see the tweets from the fake account.
When you try to recover your password for the account you find the email used is no longer yours, it belongs to the hacker, and you’ve lost control of the account with little recourse.
If your Twitter account is hacked
Start by requesting a password reset. Once you’ve got your password you’ll need to update all of the passwords in your trusted 3rd party apps like Buffer, SproutSocial, Hootsuite, etc. Then revoke access to all of the apps you’ve allowed to connect and review which ones are worth keeping. Apps go dormant all the time, so if you’re not actively using them, get rid of em.
How to prevent Twitter hacks
Go through the apps you are giving access to for your Twitter account and revoke access for all but the bare minimum.
Change your password to something smarter than “IHatePsswrds”, and plan to change it quarterly. Don’t use the same password on all of the sites you access. Shake it up a little.
Enable 2 factor authentication. Twitter will ask for your mobile number and send you a text with a verification code when you try to log into Twitter. Enter the code and you’re good to go. If the hackers have your phone too? Well, that’s another issue. Here’s how to set up 2 factor authentication. Twitter calls it “Login Verification“.
Be sure you are on Twitter.com and not a spoof site. Check the link of the page.
Don’t give your Twitter login info out, especially not by email. Use a tool like Hootsuite or SproutSocial and give access through that if an admin or assistant needs access to post. Then you can manage their access without risking personal information.