A kind of strange thing happened yesterday and today to my Twitter account. First I started seeing tweets from a particular user (AnonymX) which I hadn’t followed manually, but somehow was automatically following, so I unfollowed it immediately (it has 5000+ followers somehow).
Today I logged into my account and saw a tweet which I hadn’t made; it contained that user ID and mentioned that it had come from an API. Now as far as I remember, I hadn’t allowed any such API access to my Twitter account and never even visited that particular website!
So far I am not quite sure if my password was hacked or if that API is using some other application/website that I had earlier signed up with, to abuse my account. But on further digging, it turned out I was following another user I hadn’t followed manually (unfollowed now).
A quick search on Twitter revealed that I wasn’t the only individual whose account had sent out a similar message and who was wondering the same thing.
I guess Twitter really needs to tighten its security and I need to be even more careful with my Twitter account to ensure that it does not get hijacked again by such spammers. So I have gone ahead and uninstalled and unlinked the Tweetdeck application which I was using earlier for managing my tweets, and changed my password with the hope that this is the last I would see of it.
9 Comments
Thanks for confirming – I had the same panic thought. I didn’t have any extra followers/people I follow tho…
GeekAba, were you also using TweetDeck? Trying to find out how this has happened, so as to ensure this doesn’t happen again.
I had it posted on my feed and I’ve never used TweetDeck. I think the only Twitter app I’ve ever used is Twitterrific on the iPhone.
Not using Tweetdeck in a while. I’m baffled why I haven’t found any other write-ups on this yet.
I went through another blog post which said it might have been related to Twitpic; I had used it a couple of times through Tweetdeck.
At this moment I seriously do not know what the cause was; hopefully, as more and more people find out about this and report it to Twitter, we might just get an official response.
Just saw that AnonymX profile has been taken off Twitter.
Just to reassure you, if your account is compromised like this, it will be NOTHING to do with TweetDeck. Spammers/Hackers get your account details when you enter your Twitter credentials into an untrustworthy site or application.
Using TweetDeck will in no way have opened you up to such an attack and thus removing the app will make you no more secure than you were before.
I suggest you look at this article from Twitter Support http://help.twitter.com/forums/10711/entries/76036
Regards,
Richard Barley
TweetDeck Community Manager
Richard, first of all thank you for replying to my blog post. I sure hope what you are saying is true, because I loved using Tweetdeck and managing Twitter without it isn’t nearly as much fun and easy.
The only services which were allowed access to my Twitter account are:
LinkedIn
Google
And before this incident, Tweetdeck
I don’t type in my login details at third party websites, my computers have Norton Internet Security 2010 (Kaspersky 2009 till a couple of weeks back) and I do not use public or friends’ computers to log in. So all this really took me by surprise and as usual the first suspicion fell on the software that I use to log in to my Twitter accounts and hence I uninstalled it.
While I have no doubts that you guys go through app code rigorously in order to ensure there are no bugs or security holes, I would be glad if you can possibly check it again, just to make sure it is all quite secure.
And I am back to TweetDeck, http://www.yogeshsarkar.com/blog/2010/05/24/returned-tweetdeck/