I was hacked on Twitter (and what you can learn from it)

The hacked post said "Check Out The Article to Get Started" and then a TinyUrl link.

What showed up on my twitter feed.

Update: I got an email from Hootsuite.com that their service was compromised. Turns out it wasn’t me after all, but that doesn’t mean that the security steps I took were bad ideas. Keep reading.

I woke up this morning and decided to check my Twitter account. I was happy with the fact that I’d never been hacked, but today I realized that wasn’t true. Normally, the way you get hacked is by clicking a link and logging into what looks like a Twitter login page, but isn’t. I don’t remember doing that, so I thought I was safe.

When I looked, I found the tweet above had been favorited by a follower, but I didn’t remember writing it. I investigated.

It was a link to a weight loss product, disguised as a news site.

Lesson #1: Look at the sites you’re referred to by links you find on line. It might represent itself as being from somewhere it isn’t. In this case, the link started with “bbconline.com.” and continued on with a longer url. Since you can make a sub-domain on any site, it’s easy to add “newyorktimes.com.” at the beginning of any site. The graphic designer who made the page, did a great job. It looked like a news site. What tipped me off immediately though, was that it showed (as it was loading) as “bbconline.com” and not “bbconline.co.uk” as I’d expect.

Lesson #2: When was the last time you checked the apps that you’ve allowed to have access to your Twitter account? I went through the list of apps I’d approved and there was a huge number that I couldn’t remember. I hate to admit that I casually approve apps with the ability to post on my timeline, so it could be that one of these was the culprit (and maybe they, not me were hacked), but it’s still my fault for having so many that I don’t still use. I cut the list of over 100 down to 15. If that doesn’t do it, I’ll cut out the rest.

Lesson #3: Am I using an old password? I’ve used LastPass for a while, but hadn’t changed my Twitter password in a while. I thought I’d gone with a more secure password, but no. I was using my oldest password, which I knew was hacked years ago. Oops!!!! I actually started using this password in college. I really needed to stop using it a while ago, but I didn’t.

I don’t know that I’ve fixed it because I don’t know where the problem started, but I hope I fixed it.

Bonus lesson: Correlation isn’t causation. My mother-in-law clicked on a video and around the same time her FaceBook was hacked and started posting porn. Just because something happens around the same time doesn’t mean that it’s the cause. It’s like having an upset stomach after you drank distilled water with your meal. Most of us know that purified water won’t generally cause upset stomachs. Choosing one thing and deciding that it’s the cause is arbitrary. Be careful in jumping to conclusions if you’re hacked. It could be something that you don’t even remember doing.

Who else has been hacked on Twitter? How did you fix it?

Paul Alan Clifford, M.Div.

Paul Alan Clifford, M.Div. has been a tech volunteer with Quest Community Church in Lexington, KY since 2000 and is the founder of TrinityDigitalMedia.com, llc. He became part of the technology in ministry team when his church’s attendance was around 200 in one Sunday service and has witnessed it’s growth to 5,200 average weekly attendance in one Saturday service, four Sunday services in one online and two physical campuses. He literally wrote the book on podcasting in churches, twitter in churches, & servant-hearted volunteering, as well as writing various articles for publications like “Church Production” and “Technologies for Worship” magazines.