Twitter Account Hacked? What should you do?

27 Mar 2013

Twitter account hacking is starting to become fairly common. Hardly a week seems to pass without some large organisation or celeb having their account overrun. Indeed, who can forget the hilarious Syrian Electronic Army hack of various BBC accounts earlier this week, or the classic #biebermyballs takeover of Justin Bieber's account in 2012?

Celebrities and large corporations aside, smaller Twitter accounts are also now regularly being hacked, most often for the purposes of spamming. The Reflow Studio Twitter account was hacked (twice) earlier this week. Having therefore recently been through the process of being hacked (twice), we thought we’d write down what we’ve learned.

How will you be informed your account has been hacked?
There’s a good chance you’ll notice for yourself that your account has been hacked, but your followers will also probably notice pretty quickly. There’s a good chance one of them will be kind enough to let you know. Please don’t ignore them!

Twitter is itself now much quicker at detecting when an account has been hacked and sending you an email prompting you to reset your password.  

But beware! – the ‘phishers’ have also started sending out fake emails. They look like a Twitter email but get you to go to a fake site (that looks just like Twitter) so that you enter your details. And then they don’t have to hack your account, because you’ve just given them your details.  How to get around this problem?   Always make sure the URL on the page that you are entering your details into starts with - then you’ll know you are in the right place.

How can you tell your account has been hacked?
Telltale signs are strange following/un-following/blocking behaviour, unexpected tweets and direct messages you're not responsible for.

How quickly should I react?
Pretty quickly. Don’t ignore those first helpful souls who ask why you have started direct messaging them about Viagra and weight loss supplements. Do something before the trickle of helpful souls becomes a deluge of unhappy ones, quickly heading for the 'Unfollow' button.

What then?
Update your password (if you are still able to sign into your account).  
Make it difficult for someone to guess: use more than a dozen characters, mix numbers and letters, and make it unique. The best passwords are not actually those that look like gobbledegook! Something with a few words and numbers separated by spaces can be really quite secure; we'll be writing about passwords again soon, because the more you do online, the more important it is that your accounts are yours only.

Can’t sign into your account?
Go to and request your password be sent to your email address.

No email comes through after you’ve requested one?
It’s time to report what’s going on and submit a ‘Support Request’ -

Anything else?
Yup. Third Party Applications. Once you’ve got control of your Twitter account, by whatever means, it is a very good idea to review the third party applications that are connected to your account (Hootsuite, iPhone app etc.). If there is a third party application which is not 100% trustworthy, click the ‘Revoke Access’ button.

Third Party Applications which do not have good security are a prime way for hackers to get at your details. Apps require you to enter your Twitter account details into them so they can connect to your account.  The apps store your details and if their security is poor, your details will be easy to obtain.

That it?
Nope. After being hacked, ensure your computer’s security software is up to date so that you know that no one is getting to your Twitter account, or anything else for that matter, through your PC or Mac.

And finally...
Once you have regained control of your account, let everyone know what happened (with a Tweet) so that it's clear you're back in the driver's seat.

