Your twitter account has been hacked? How to fix this (and avoid it happening again)

Justin   |   3 Comments » Posted on July 01, 2012

My Twitter account was “hacked” a number of months back, and the accounts of a number of people I follow have been hacked on a fairly regular basis since. This is unfortunately a regular occurrence and spammers are increasing their efforts to get access to people’s accounts to spam their followers.

How do you know if someone you are following has been “hacked”? 

You will in all likelihood get a direct message from someone you follow which will be a generic message (but interesting or tempting one) which will have an embedded link to a site. Links these days are mostly shortened so you won’t immediately be able to see the final destination site. Clicking on it could be compromising your account and / or delivering up malware to your PC which your Antivirus software may or may not detect. So avoid clicking these.

Common messages that are coming up recently as direct messages include :

  • Twitter might start to charge in July, sign this petition to keep the service free! (link removed)
  • Hi, this user is saying really bad rumors about you … (link removed)
  • Hi some person is saying really bad things about you … (link removed)
  • Hi somebody is posting horrible rumors about you … (link removed)
  • Hey someone is saying nasty things about you… (link removed)
  • Various messages about weight loss or other obvious spam

How do you know if you have been “hacked”?

Your followers will send you messages pretty quickly to tell you, or they will be asking you why you are sending them strange messages (like the ones above). Don’t ignore these or react negatively, thank them for the warning and get on with fixing the problem before more of you followers are spammed and / or compromised.

What to do when you have been “hacked” ?

  1. Change your password.
    • Choose something decent, not a real language word, chuck in some numbers or special characters, and don’t think you are smart by using l33t sp3@k (leet speak).
    • Ra35!!me would be good, whereas P@ssw0rd would be bad.
  2.   Check to see what applications are “authorised” against your account. This can be used to keep sending SPAM even after you have changed your password.
    • Log in to your Twitter account on the web and open up your account settings.
    • Click on the Apps tab in the left-hand menu.
    • Read down through the list of applications to see that you know about them and trust them
    • If unsure of an application, revoke its access. You can always approve it again later.
  3. Check that if you associated your mobile number with your twitter account you have set up a PIN
    • Log in to your Twitter account on the web and open up your account settings.
    • Click on the Mobile tab in the left-hand menu.
    • Choose a PIN if you don’t have one (mix of 4 numbers and letters)
    • Go to the bottom of the page and click Save changes.
    • If your PIN is OK you will see a confirmation message.
  4. Apologise to your followers. Send them here if they have been “hacked”. Shortlink : http://j-j.co.za/twithack
  5. Be vigilant

 How did you get hacked?

You may have clicked on one of the direct message links as per the examples above, or you may have received an interesting tweet or link to :

  • Sign a petition to stop twitter becoming a pay service
  • Save the Rhino, the Dolphins or the World
  • Anything else that looked interesting

If you do inadvertently click on a link, in some cases the URL shortening service (eg. bit.ly) will pop up a warning where they have determined the link to be dangerous. Consider this your guardian angel, say thanks and close the window.

If unlucky, you will end up on the page the attackers want you to. The most recent two I investigated put me on a page on tvvitiler.com which was a copy of the twitter login page with a timeout message asking me to log in again. If you are unfortunate enough to do so, that’s you toast, proceed to the fix section below :) The sites hosting these fake login pages vary from post to post and are more often than not themselves hacked, with the unlucky owners unaware of what is happening.

Chances are therefore that some website or app somewhere conned you into giving your credentials to Twitter or the app/site so that it could post something on your behalf. It may well be something that you wanted posted, however, it then piggybacks off that to send a whole lot of unwanted stuff. Just be aware, and vigilant, and followup quickly when something happens.

With information security, knowing how to react and clean up is just as important as prevention. It is not a matter of if, but of when your account will be compromised.

Thanks to :

  • Mandy Wilson (@Mandywilson_SA)
  • Samantha (@MetroGalZN)

If you have further comments and insight please leave it in the comments here or tweet me (@jjza). Please share this information (http://j-j.co.za/twithack)

P.S. To those infosec folks reading this, apologies for my very liberal use of the word “hack”

Written by Justin Research, Security, Social Media   |   Tags: , , , , , , , ,

Sony PlayStation Network hacked, the mea culpa letter and some tidbits

Justin   |   No Comments » Posted on April 29, 2011

Update :

So now it turns out that Sony have been hacked again, this time it is the turn of Sony Online Entertainment (SOE), the publishing division responsible for maintaining Sony’s numerous online gaming titles, like EverQuest,  EverQuest II,  DC Universe Online and Free Realms. This affects 12,700 credit card numbers and 24.6 million accounts, including accounts in Austria, Germany, Netherlands and Spain.

Read more here : Source: http://www.lazygamer.net/#ixzz1LIYYzCK4

A copy of the press release can be see here : http://www.soe.com/securityupdate/

After the previous PR disaster Sony have been quicker to react this time around, their situation does however go from bad to worse.  The Sony PSN is supposed to be coming back online shortly, along with a few “freebies” to say sorry to all their users. If you are still willing to trust Sony with your info there may be some goodies in there that interest you (the specific ones available to SA haven’t been announced yet), and 30 days free use of PSN+.

Out of interest, there are over 100 000 SA users of PSN : http://www.maxconsole.net/content.php?45820-Revealed-PSN-account-numbers-broken-down-by-country

Original post :

After days of hearing about the Playstation network breach on Sky News and on various sites, and reading about it on various hacking sites, that elusive mea-culpa email finally arrived from Sony.

It says a lot without really saying it. We might have lost your credit card details? Watch your statement?

This really isn’t good enough. Currently being out of the country for a few days, having to cancel a credit card and get another issued would be a real real pain, apart from being rather expensive. There is no talk of compensation for loss in the mail, but then I guess if you have managed to “lose” the details of millions of customers that could be a rather expensive exercise.  My card replacement fee is in excess of R150.  7million x R150 =  over R1 billion just for card replacement fees, before any fraud claims. Expensive mistake? Sony do claim that the database had an encrypted table of credit card details, with no CVS numbers or expiry dates, so perhaps the risk is not all that high of widespread abuse.

It shall be interesting to watch what happens from here on in, and see how the class action suites already being filed play out. Sony has already lost a lot of support and goodwill with the “OtherOS” fiasco and the GeoHot saga. Neither of which are really satisfactorily resolved.

Out of interest, it seems that when Sony first found out about the hack, it was more in the context of people being able to access paid for content without paying. Seems they had insecure methods of requesting that content, and the changing of a simple flag meant you didn’t need to pay. Hackers had produced custom firmware for the PS3 which allowed these changes to be made. It seems that there wasn’t a whole lot of security in the client/server requests. Read some of these here on IRC logs. No certainty on the validity, but sounds plausible enough.

Mocking of Sony abounds on the net (Source: tweet by @mxatone (Thomas Garnier) : http://img.clubic.com/04217086-photo-hack-psn.jpg):

Would you like to download some credit card details?

For those of you who didn’t get the mail (lucky you), here it is :

This is an email from Sony Computer Entertainment Australia Pty Ltd. If you can’t see the images in this email, please click here (link removed)

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

  • Temporarily turned off PlayStation Network and Qriocity services;
  • Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
  • Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

Read the rest of this entry »

Written by Justin Online commerce, Pick On, Privacy, Security   |   Tags: , , , , , ,

Paying the rent

Close block

Paying that rent

Close block

Post history

Close block
July 2015
S M T W T F S
« Jun    
 1234
567891011
12131415161718
19202122232425
262728293031  
%d bloggers like this: