How my Twitter account was spammed/hacked

First, my apologies to my followers for the stupid spam messages they got.  It is exasperating to know that my followers were bothered in any way.  Here’s what happened.

What happened

I first received a direct message from one of my followers saying that: I just saw a really bad blog about you” and a link.  It was from a follower whose name I recognized and the link looked like every other link we see.  Against better judgment, I clicked on the link.  It brought me to a site that appeared to be sponsored by Twitter but it wasn’t exactly right.

One problem with auto-completes

While on this page, my Chrome auto complete filled in my password.  I closed the page seeing that it was bogus and thinking I was safe.  Too late. Next, I started getting repeated messages from my followers about these spammy messages.  There were two spam messages: one that said I had seen a “really bad blog” and one said,  “I saw a funny picture of you.”  

Sent direct messages that looked like they were from me

This virus sent direct messages to people listed in my “sent” direct messages Twitter page, in the order in which they were listed there.  Most recent messages first, etc.  There were 200+ of these direct messages so theoretically, all of them could have been sent these messages. It appears that only 50 received them.

About 2 days had elapsed between the time I clicked on my follower’s link and the time of the first direct message.  This morning, Sunday, I went onto Twitter and changed my password and then discovered the bogus direct messages sent automatically. I began deleting all my direct messages.  It took a while to delete some 300 or so.  Some of them were the bogus messages and the rest were messages I had sent. I tried to find a way to disable direct messages as a fail safe but this is apparently not possible.

I direct messaged a few folks who alerted me to the spam and sent two tweets warning everyone.

Authorized applications I don’t use

Another thing that happened is that a bunch of bogus applications were now “authorized” to access my Twitter. I deleted all the ones I hadn’t authorized my self.

I changed my Twitter password once more.

I also got a bunch of bogus new followers with sexually oriented female pictures and no mission narrative.  I delete these immediately and always have.  I was thinking this would minimize the chances of a more evil hacking.  Sadly no.

It is Sunday evening now and I hope all is safe and resolved.  Geez!  What a pain!

Contact the author with questions or comments.
Bookmark the permalink.


  1. Pingback: Twitter ALERT If you get this message do not open | Easy Computing

  2. We got several of the ‘bad blog’ DMs a few days ago. Luckily I didn’t open them, but this was more down to the wording of the message than knowledge on my part. In our case I felt that if there was something going round, we’d have heard it from a more direct source (we run a guest house, so TripAdvisor would have been a tip off to problems).

    Had I opened the link(s) I would not have known how to correct the problem, or realised that bogus apps were authorised, so thanks for the post. This has really opened my eyes and I’ll be much more aware in future.

  3. Pingback: #Twitter Alert If you get this message pls do not open link | Easy Computing

Comments are closed