More about the Twitter hacking and a PSA about apps - Helen's journal and online home
In which an old dog attempts to learn new tricks.
Thanks to trenton22 for providing a link to tacit's account of a similar hacking, I am now of the opinion that the attack came via Twitter itself and wasn't my account being directly hacked. I changed the password and removed a suspicious app yesterday, so realising that the attack wasn't personal gave me the confidence to re-activate the account in order to see what had been going on. The first tweet made by the hackers was on 14 December, the exact same date the strange apps were approved on tacit's account.

Here is tacit's summary of what is going on:

"So to recap: Attackers are gaining access to large numbers of Twitter accounts and using them to spam malware. The malware is an off-the-shelf package designed to allow its users to profit from click fraud; the malware authors operate a site hosted on hostzealot.com. The compromised Twitter accounts have read/write access granted by malicious Twitter apps. They're being used to spread links to the InstallMonster malware, probably not from the malware's actual authors, but from people who've bought a copy of InstallMonster and customized it to direct money to them. (That's increasingly the way the malware industry works: people create turnkey malware kits which they then sell to other criminals.)

IF YOUR TWITTER ACCOUNT IS HACKED: It's not enough just to change your password! You must also go to your Apps control panel in your profile and revoke access to the malicious apps!"

I'm pretty sure I didn't compromise the account myself. In recent months I haven't logged on from anywhere other than my home computer, so I haven't left a computer logged on where someone could access my account. The password was a random string of letters with a squiggly bracket in the middle like so {. It was therefore un-guessable. So it was either brute forced or, as tacit suggests, someone has somehow managed to find a back door to connect their app to people's accounts without their knowledge. My password hadn't been changed, just a suspicious app enabled. I also suspect it was somehow automated because who would bother manually hacking an account with 5 followers? :)

So, I'm giving Twitter a second chance. I have deleted all the dodgy tweets and blocked another spammy looking account who seemed to be able to get messages into my stream, even though I wasn't following them. However, I will look in there every day from now on to check for suspicious activity. And Twitter is most definitely on probation. Any more problems and the account goes for good.

If any of you are on Twitter, you might like to check the Apps settings regularly and watch out for anything dodgy appearing. If it does, remove it immediately.

Current Mood: alert for trouble

13 comments
From: seaivy Date: December 19th, 2013 12:00 pm (UTC)
I haven't understood a word of your whole post. Guess I just don't belong in the twitter universe.
Doesn't matter. There are other worlds.
But, thank you for alerting me that I should take action.
From: heleninwales Date: December 19th, 2013 12:04 pm (UTC)
I didn't take to Twitter and found it just lured me into reading endless blog posts and articles that, while interesting, didn't really add anything to my life. :(

The account I'm keeping is one where I had been trying to tweet in Welsh. I only follow people who (mostly) post in Welsh so I can practice reading the language. So it's performing a different function and I'll give it another chance.
From: feodora Date: December 19th, 2013 12:02 pm (UTC)
That sounds exactly like what happened to my Twitter. Last weekend I saw that there were posts on my timeline which were not from me (Cyrillic) and that I had about 20 additional friends I never added. Also there were some apps I have never known of.
I deleted the apps, friends and posts and changed my password. On Monday I could reach Twitter but on Wednesday not. So I tried to change my password again, which needed several attempts, but now my account is mine again....
From: heleninwales Date: December 19th, 2013 12:57 pm (UTC)
It seems that it's happened to lots of people. I'm glad you got control back. I'm going to watch the account like a hawk from now on, but the first sign of trouble, I'll close it. I do want to use it to practice reading Welsh, but if it's going to be a lot of hassle, it's not worth keeping it.
From: feodora Date: December 19th, 2013 06:08 pm (UTC)
Yes... that's what I will do too.
I use Twitter mostly as a news feeder, as I have subscribed to several news channels.
From: artkouros Date: December 19th, 2013 01:03 pm (UTC)
I had about 50 weird apps activated on my account.
From: heleninwales Date: December 19th, 2013 01:33 pm (UTC)
That seems to be how they're doing it. I don't think they can have hacked so many passwords individually, so there has to be some weakness in Twitter itself that they're exploiting.
From: feodora Date: December 19th, 2013 06:09 pm (UTC)
Yes, I had several apps too.
From: nutmeg3 Date: December 19th, 2013 06:09 pm (UTC)
Thanks for the heads-up. I've just started using Twitter, since lately 30 seconds is about all the free time I have to say anything. And fingers crossed you're safe now. What is your Twitter name? I'm Nutmeg3isme.
From: heleninwales Date: December 19th, 2013 06:40 pm (UTC)
LOL! For what it's worth, my Twitter name is crwbanbach. It should really be two words and means "little tortoise" in Welsh (because I'm a really really slow learner!). But you really don't want to follow me because if I post at all, it will be in Welsh. :)

I did use to have another Twitter account and followed a number of interesting people, but I found that it just lured me into reading endless blog posts and articles that, while interesting, didn't really add anything to my life. Basically it became a huge time sink and I gave it up.

From: kaishin108 Date: December 19th, 2013 08:33 pm (UTC)
Thank you!
I just went and checked my Twitter apps... And I will keep an eye on those!
From: readthisandweep Date: December 19th, 2013 11:09 pm (UTC)
Thanks for this, Helen. I checked & deactivated loads of apps! My Twitter account has been hacked once - ages ago. I'm now assuming it was the apps that maybe facilitated this.
From: trenton22 Date: December 20th, 2013 02:44 pm (UTC)
I'm very glad that info helped! It was worth digging for.