First, my apologies to my followers for the stupid spam messages they got. It is exasperating to know that my followers were bothered in any way. Here’s what happened.
I first received a direct message from one of my followers saying that: I just saw a really bad blog about you” and a link. It was from a follower whose name I recognized and the link looked like every other link we see. Against better judgment, I clicked on the link. It brought me to a site that appeared to be sponsored by Twitter but it wasn’t exactly right.
One problem with auto-completes
While on this page, my Chrome auto complete filled in my password. I closed the page seeing that it was bogus and thinking I was safe. Too late. Next, I started getting repeated messages from my followers about these spammy messages. There were two spam messages: one that said I had seen a “really bad blog” and one said, “I saw a funny picture of you.”
Sent direct messages that looked like they were from me
This virus sent direct messages to people listed in my “sent” direct messages Twitter page, in the order in which they were listed there. Most recent messages first, etc. There were 200+ of these direct messages so theoretically, all of them could have been sent these messages. It appears that only 50 received them.
About 2 days had elapsed between the time I clicked on my follower’s link and the time of the first direct message. This morning, Sunday, I went onto Twitter and changed my password and then discovered the bogus direct messages sent automatically. I began deleting all my direct messages. It took a while to delete some 300 or so. Some of them were the bogus messages and the rest were messages I had sent. I tried to find a way to disable direct messages as a fail safe but this is apparently not possible.
I direct messaged a few folks who alerted me to the spam and sent two tweets warning everyone.
Authorized applications I don’t use
Another thing that happened is that a bunch of bogus applications were now “authorized” to access my Twitter. I deleted all the ones I hadn’t authorized my self.
I changed my Twitter password once more.
I also got a bunch of bogus new followers with sexually oriented female pictures and no mission narrative. I delete these immediately and always have. I was thinking this would minimize the chances of a more evil hacking. Sadly no.
It is Sunday evening now and I hope all is safe and resolved. Geez! What a pain!