Changing your Twitter password isn’t enough after a hack

Twitter Logo

So as I’m at six friends hacked in the past couple of days, all changing their Twitter password and then sending out spam fairly quickly again, I thought I would share this informative little guide on how to re-secure your Twitter after you’ve been hacked.

First off, change your Twitter password. That’s pretty important right there but it won’t stop any app that has been authorized from still posting on your behalf. You can assume if you’ve been hacked that there’s now probably an app somewhere authorized to post messages for you.

Changing your Twitter password is not enough

Twitter Settings cogTo stop these, on a computer go to the cog, choose settings.

In settings on the left you’ll see a link that says “apps.” It’s important to note that these are applications hosted on third party servers or applications that are allowed to post to Twitter on your behalf.

You can change your password a million times, but if you’ve granted authorization to a spammy app or a service that’s been compromised you’re not going to change a damned thing to stop it.

Twitter apps

Go through and revoke access to everything you don’t know. Don’t worry, you can always unrevoke access or request it again from any application that actually needs it. Chances are you’ve got tons of apps that have requested OAUTH access that are sitting around not being used.

If you’re wondering why these apps can keep posting after you’ve changed your password, it’s because when they were given access they were given their own password to talk to Twitter on your behalf. They never saw your password, they got an OAUTH token, and until the day you revoke their access they’ll keep that token.

Also make sure your Twitter password is something you don’t use other places. It’s absurdly simple to take a password and run it against every social media and banking account out there in a quarter of a second, so really, take care.

Have fun, be well, safe Tweeting!

If this helped you, drop us a tweet @theitbaby. If it didn’t, drop us a line here with what didn’t work or what I got completely wrong.