Gah! Stupid Twitter - Helen's journal and online home
heleninwales
Gah! Stupid Twitter
I have heard of people getting their Twitter accounts hacked and I'd actually closed my main account (not because of that, but because Twitter was a huge time sink and wasn't good for my mental health), but I'd left the other account where I occasionally tweet in Welsh. Well, today I got a notification that a spammy looking account was following me, so I logged on to delete and block. And oh noes! I had been tweeting in Russian. Fancy that! I didn't even know I spoke Russian. :(

So I hastily changed the password then deleted the account. I hope it's gone and I don't think anyone was really following me, but I now feel slightly embarrassed that I hadn't kept a closer eye on it.

Also, just to be on the safe side, I've just been and changed the password on several other social networking sites, including LJ and DW. Yes, I know you shouldn't re-use the same password, but I had because otherwise you have so many you just can't remember them.

Current Mood: annoyed

Comments
From: trenton22 Date: December 18th, 2013 07:41 pm (UTC)
Sorry that happened to you. I just had to scroll back to check the name, but it was tacit who on December 14 (if you care to look over the detail) posted about that large-scale Twitter issue. I checked my accounts, and they were OK. What an annoyance though.
From: heleninwales Date: December 19th, 2013 10:14 am (UTC)
Thanks ever so much for that link to tacit's post. That's exactly what happened to me and, having re-activated the account so I could see what was going on, on exactly the same date too, namely 14 December.

I had a pretty secure password, a random bunch of letters with a squiggly bracket { in the middle, so it was totally un-guessable and in fact my password hadn't changed. There had been a strange app enabled, which by chance I had found and disabled.

I've therefore decided to give Twitter a second chance, but I'll make sure I look in there daily in case of anything bad happening again.

From: artkouros Date: December 19th, 2013 12:23 am (UTC)
Me too - I was spamming some sort of Russian things. It took 5 tries but I finally got my account deactivated.
From: seaivy Date: December 19th, 2013 02:33 am (UTC)
I've deactivated mine also
suddenly I was "following" strange people
From: heleninwales Date: December 19th, 2013 10:18 am (UTC)
If you have decided to abandon Twitter, you can just leave it deactivated, but if you want to resurrect the account or want to start another but are worried about it happening again, it seems to have been some sort of mass attack in which a malicious app was enabled without the account holder's knowledge.

This post by tacit has the details of how to check for malicious apps and revoke their access. I've decided to give Twitter a second chance, but I'll check into the account daily in future so I can catch problems earlier. And if it gives me trouble again, it has had it as far as I'm concerned.

Edited at 2013-12-19 01:08 pm (UTC)
From: artkouros Date: December 19th, 2013 12:43 pm (UTC)
And my profile magically changed to make me a Giants fan.
From: heleninwales Date: December 19th, 2013 01:00 pm (UTC)
That worried me too, in fact I thought it was something to do with the hacking! But after looking at it more calmly this morning, it seems to be just a suggestion of the sort of thing you might say. I entered some actual text and it disappeared.
From: heleninwales Date: December 19th, 2013 10:18 am (UTC)
If you have decided to abandon Twitter, you can just leave it deactivated, but if you want to resurrect the account or want to start another but are worried about it happening again, it seems to have been some sort of mass attack in which a malicious app was enabled without the account holder's knowledge.

This post by tacit has the details of how to check for malicious apps and revoke their access. I've decided to give Twitter a second chance, but I'll check into the account daily in future so I can catch problems earlier. And if it gives me trouble again, it has had it as far as I'm concerned.
From: artkouros Date: December 19th, 2013 12:40 pm (UTC)
I've never tweeted, and the posts I follow seem to be redundant other places, so it's just not worth the trouble to me.
From: heleninwales Date: December 19th, 2013 01:04 pm (UTC)
Fair point. I'm giving Twitter one more chance. The account that was hacked is one where I tried to post in Welsh. I only follow people who tweet in Welsh, in an attempt to practise reading the language. It is therefore somewhat useful, but if it's going to be a hassle, it's not so useful that it's worth a lot of effort to keep it going.
From: kaishin108 Date: December 19th, 2013 03:26 am (UTC)
That is awful about your Twitter account. Do you think it was connected to that Amazon issue you had? I think it was Amazon. I do appreciate you saying, I will watch my account closely!
From: heleninwales Date: December 19th, 2013 10:34 am (UTC)
I'm confident it was nothing to do with people trying to use my Gmail account as their own because the Twitter account is linked to a totally different email account and uses a totally different password. However, because people did seem to be trying to steal my email address (mostly by mistake or due to confusion!) I did increase the security and now if I log in from a different computer, I also need to enter a code that is sent to my mobile phone to prove that it really is me.

The Twitter thing turns out to have been a mass attack, as described by tacit. This post has the details of how to check for malicious apps and revoke their access.

I've decided to give Twitter a second chance, but I'll check into the account daily in future so I can catch problems earlier. And if it gives me trouble again, it has had it as far as I'm concerned.

Edited at 2013-12-19 01:08 pm (UTC)
From: kaishin108 Date: December 19th, 2013 08:35 pm (UTC)
I am glad the incidents were not connected. Gosh, we have to be so on the lookout these days! Are you the same name on Twitter? I should look for you... I am HelenKWMc

Edited at 2013-12-19 08:35 pm (UTC)
From: rymrytr Date: December 19th, 2013 04:58 am (UTC)

Hey Miss Helen,
If you think it might be your password strength, try this:

Pick you an 8 character password. Say, I am for you too (I think that is from an old, original Star Trek)... anyway, type
Iam4you2

Then press the 9 (the next key down) o then down again l . move left and go up: , k i 8

What you get is a 16 digit password that is part memory and part pattern.

You can even add a capital:
Iam4u29ol.,ki8

It's easier than it looks! :)

MyDogis4t then the pattern
MyDogis4t9ol.,ki8

Password tester at http://www.howsecureismypassword.net/
says it would take 2 quadrillion years to hack the MyDog password.
NOTE: Don't enter your real password in the test. There may be recording software in the background. Just go to something close, to get the idea that once you get beyond 10 or so, and add those odd, random keys, then you are safer.

I use the same 16 digit password on most of my accounts, and change the random numbers (the 9 down and up to the 8), every month. In January, I go 1 down, up to 2 etc.

Whatever password you use, you then go to a number, go down the keyboard, move left and go up. In this case, you have 17 characters.

I hope I haven't confused the issue too much, but let's do one more.

iLuvMydog would take 8 days to hack.
adding: 8ik,mju7 would take 3 trillion years.

The point is, hackers are only going to go for the simplest, easiest, and FASTEST. They don't want to wait a year or two.

You don't need to respond back to me on this - it's just the ramblings of an Esoteric and Cryptic mind, as you well know!!!! :o)

From: heleninwales Date: December 19th, 2013 10:28 am (UTC)
The password was a random string of letters with a squiggly bracket in the middle like so {. It was therefore unguessable. So it was either brute forced (which according to that site would take a desktop PC an hour) or, as tacit suggests and I think far more likely in this post, they have somehow managed to find a back door to connect a malicious app to people's accounts without their knowledge.

My password hadn't been changed, just the suspicious app enabled. I also suspect it was somehow automated because who would bother running a PC for an hour to manually hack an account with 5 followers? :)

PS As I'm not using that password any more, I did test it with that checking site, though of course I would never use a real password.

Edited at 2013-12-19 01:07 pm (UTC)
From: asakiyume Date: December 19th, 2013 07:07 am (UTC)
I'm curious (and uneasy) about the relationship between having spam accounts follow you and being hacked. Is there a connection, and if so, how does it work?
From: heleninwales Date: December 19th, 2013 10:21 am (UTC)
I don't know whether there is a connection between having spam accounts follow you, but when I was actively using Twitter, I blocked and reported any suspicious accounts.

However, this seems to have been an attack via Twitter rather than against individual accounts.

If you are worried about it happening to you, it seems to have been some sort of mass attack in which a malicious app was enabled without the account holder's knowledge.

This post by tacit has the details of how to check for malicious apps and revoke their access. I've decided to give Twitter a second chance, but I'll check into the account daily in future so I can catch problems earlier. And if it gives me trouble again, it has had it as far as I'm concerned.
From: asakiyume Date: December 19th, 2013 12:05 pm (UTC)
Thanks so much for this; I'll check out the link. My Twitter account is pretty minor, but it never hurts to be safe.
From: asakiyume Date: December 19th, 2013 12:20 pm (UTC)
Note: the link doesn't quite work, but I was able to get there by--well, not quite sure how; by doing "inspect element" and then copying directly from that--not sure why it wouldn't work as a hyperlink, though… anyway, I mention it in case other people try clicking and getting "page not found," as I did.
From: heleninwales Date: December 19th, 2013 01:05 pm (UTC)
Thanks. I had actually noticed and corrected the error. I hadn't quite copied and pasted the address correctly, but it should be OK now in my followup post on the same subject, but not in my replies in this thread. Sorry.

Edited at 2013-12-19 01:07 pm (UTC)
From: asakiyume Date: December 19th, 2013 01:13 pm (UTC)
Excellent--and furthermore, I see you've highlighted the post in your next post, so that's even better. I did go check my apps--interesting to review what-all I've approved over the years...