In 2020, Twitter made headlines when 130 high-profile Twitter user accounts – including those of Barack Obama, Kanye West, and Warren Buffett, just to name a few – were compromised in a bitcoin scam. Some of the compromised accounts were used to ask individuals to send bitcoin currency to a specific cryptocurrency wallet, tweeting that the money would “be doubled and returned as a charitable gesture.” Within minutes, more than 300 transactions had been made, and over $110,000 had been deposited into the account before the scam messages were removed by Twitter.
The incident was labeled “the worst hack of a major social media platform yet” by CrowdStrike co-founder Dmitri Alperovitch, and Twitter responded by putting new security measures in place to prevent similar incidents in the future.
Unfortunately, while this breach did move Twitter to update its security measures to reduce the number of accounts being hacked, the problem persists. This week alone, Twitter once again made headlines after the recently deceased Gilbert Gottfried’s Twitter account was hacked in the hours following his death.
Whether you are a public figure or just use Twitter to connect with a few friends, the consequences of your account being compromised can be significant. Here, we’ll explain what hacking is and how to know if your account has been hacked, dive deeper into why it matters if your Twitter account is hacked, and cover what you can do to protect yourself online.
How do I know if my Twitter has been hacked?
If your Twitter account has been hacked or compromised, that means your account has been accessed by someone who is not you or otherwise authorized by you to access your account.
Depending on the motives of the person hacking your account, the tip-offs that your account has been compromised can change. Generally, the most telling signs that your account has been hacked are:
- Changes to your account (such as your username, bio, profile picture, etc.) that you did not authorize,
- Tweets or messages that you did not post or send, or messages from people that you do not recognize or would not normally interact with,
- Follows or followers that you did not have before,
- A changed password or losing access to your own account.
Thankfully, Twitter will notify you if account information has been changed, or if your account appears to have been compromised, but it is important to be aware of these other tip-offs when Twitter does not catch the problem.
How can my Twitter account get hacked?
There are a couple of ways your Twitter can get hacked:
- There is a data breach of some kind that exposes your information, either through the platform itself or through a malicious third-party website or app
- Your account has inadequate password security
In the first case, there isn’t always something you can do to prepare, save for checking the legitimacy of the third-party websites and apps your Twitter is linked to and limiting the number of third-party websites and apps that have access to your Twitter account. To avoid the consequences of data breaches, stay up-to-date on breaches when they happen (one way you can do this is by setting up a Google alert for a relevant phrase) and act quickly if your information is affected.
When we talk about inadequate password security, that can mean using the same password for multiple accounts, using a password that is too simple, sharing your password with people you cannot trust or over non-secure channels, or not changing your password regularly. If any of these apply to you and the way you handle your Twitter account, you will need to make adjustments to improve the security of your account, even if you are not immediately concerned about your Twitter account being compromised.
The Real Impact of Your Twitter Being Hacked
So far in 2022, Twitter has reported 217 million daily active users. The United States has the most Twitter users by country, with an audience reach of nearly 77 million users – roughly 25% of the US population.
Because Twitter is one of the most popular social media platforms, a compromised Twitter account can have several negative effects:
- A compromised Twitter account can impact your privacy. If someone has access to your Twitter account, they have access to your information associated with that account, such as your phone number. Privacy is only becoming more important, and there can be greater consequences when personal information is accessed.
- The longer you wait, the harder it will be to recover your account. Twitter’s first recommendation if you suspect that your account has been compromised is to change your password; however, if you wait too long or realize your account has been hacked too late, it’s possible that your password will be changed, barring you from accessing your own account. While there are options if this happens (more on this later), this can make it much more difficult to recover your account.
- A compromised Twitter account can also compromise other accounts. If you have linked your Twitter to other accounts online, those accounts may also be compromised if your Twitter is hacked. Not only does this expand the reach of the hacker, but this means you will have to work on the other accounts when doing damage control.
- The pace of Twitter can raise the stakes if your account is hacked. Remember the 2020 example in our intro and the impact that a few minutes made. Twitter moves quickly, and a breach on Twitter – especially if you are not regularly monitoring your account – can have a wide reach and severe impact. Sometimes, a few days or even a few hours will mean that you are already too late to mitigate the impacts of your account being hacked.
- A compromised Twitter account can also compromise your reputation. The aforementioned pace of Twitter can cause an account breach to have severe impacts on your reputation, particularly if you are a public figure, have a large following, or utilize Twitter for professional or branding purposes. It may be hard to recover from the effects of your account being hacked, even if you move quickly, which means the best way to handle your Twitter account being hacked is to avoid getting hacked in the first place.
What to Do When Your Twitter Account is Hacked
If you suspect that your Twitter account has been hacked, do not panic. There are steps you can take to regain and secure your account.
The first question to ask yourself is: can you still log into your account?
If the answer is yes, change your password immediately. To do so, go to Settings & Privacy, to your account, and click on “change your password.” Enter the old password, choose a new password, and save your changes.
It should go without saying that your new password should be extremely secure to avoid breaches in the future.
If you are not able to access your account, you can request a password reset by filling out the password reset form. Enter the phone number, email address, or username associated with your account and choose from the available options to reset your password.
If you do not have access to any of the communication methods listed, you can reach out to Twitter support to regain account access.
You will have to do so with the email address that is associated with your account. If this is not possible, Twitter has provided options to troubleshoot and regain access.
If you are able to access your account and have changed your password, the next step is to limit any access that hackers may have to your account, as well as address additional information or accounts that may have been compromised.
Secure Your Email Address
As with your Twitter account, you will want to change your email password to a new, secure password that you have not used for any other accounts. While your email address may not have been directly compromised, you want to ensure that no one but yourself has access to this account.
Review Third-Party Apps
Third-party apps can often be the original source of your Twitter account being hacked, so you will want to review what apps are linked to your account and remove any that you no longer use, no longer trust, or do not recognize.
To do so, go to Settings & Privacy, to security and account access, and click on “Apps and sessions.” Once you do, you will see two relevant categories: “Apps and sessions” and “Connected accounts.”
Click on “Apps and sessions” and review your connected apps. You will not only be able to see what apps are connected to your account but when your account was connected to those apps. If any of the apps are outdated, or you do not trust or recognize them, you can revoke app permissions.
Review Your Sessions and Connected Accounts
Once you have reviewed your apps, review your sessions. This will show you what devices your account is logged in on, and will give you the option to log out of all other sessions, ensuring that your current, active device is the only device that is logged into your account.
You can also review connected accounts to remove Twitter access to any other accounts you have linked your account to.
How to Keep Your Twitter Account Secure
While you can never completely protect your Twitter account from hacking attempts, there are steps you can take to secure your account.
- Pay Attention to Your Account
One of the best ways to avoid your Twitter account being hacked, or to mitigate the damage if your account is hacked, is to stay aware of your account. Regularly check the devices that are logged in, the third-party apps that have access to your account, and any relevant settings or information on your account. In addition to your settings, check in with messages, tweets, followers, or any other aspects of your account where changes may indicate someone has accessed your account.
As we touched on earlier, Twitter has processes in place to detect and communicate with you about potential profile breaches, so pay attention to any communication from Twitter. That said, Twitter has warned that you should always be sure that communication is actually from Twitter, as many phishing attempts will reach out to you pretending to be associated with Twitter.
It may seem obvious, but the more familiar you are with your account information, the more likely you are to notice an inconsistency, allowing you to act quickly.
- Update Your Security and Privacy Options
The default security options that Twitter offers may not be the best options for your account. To update your security settings, go to Settings & Privacy, to security and account access, and click on “security” to increase protection regarding resetting your password and enable two-factor authentication.
You can also update your privacy settings by going to Settings & Privacy, to privacy and safety, and customizing your preferences. While these may not make your account more secure, this can give you more control over who sees what information.
- Including Two-Factor Authentication
While two-factor authentication is included in the security options, I highlight this because it is one of the best ways to protect your Twitter account. Two-factor authentication requires you to verify each login with a second factor, such as your phone or an authentication app, in addition to your password. Thus, hackers attempting to access your account will not be able to do so without access to your phone or authentication app, making it much harder for your account to be compromised.
- Protect Your Passwords
I’ve said it a few times, and I’m going to keep saying it: if your Twitter account is hacked, you should change your password to a new, secure, unique password.
But even if your account has not been compromised, you should be sure to practice good habits when it comes to your passwords, including:
- Changing your password regularly,
- Not reusing old passwords or passwords across multiple platforms,
- And never sharing your passwords with anyone.
This can seem like extra, unnecessary work, but by keeping your passwords as strong as possible, you will have the best chance of protecting your account from being hacked.
If a hacker accesses your Twitter account, the consequences can begin in minutes. Thankfully, there are steps you can take to recover, secure, and protect your account to keep this from happening. As more of our personal and professional interactions move online, it is more vital than ever to protect your information and keep your accounts safe.