Saw this message from a friend on Twitter this morning.
“haha the look on your face in this pix is priceless! <url removed>”
Looks innocent enough; we were recently at an event and I thought photos were published. Click.
Shortly after, Twitter inbox starts flooding with messages. I was in a “Doh” moment and quickly got pinged by friends who, luckily enough, hadn’t clicked on the links yet.
“lmao this video of you is funny as hell, im sharing it with everyone <url removed>”
Lesson learnt. DON’T click on short URLs from friends on any communication. It’s something I follow MOST of the time and unfortunately, trust and curiosity got the better of me today.
Somehow the Twitter session I was on got hijacked and the permissions allowed the rogue app to send messages to my contacts. Had this been a more malicious payload, it would have been less “humorous”.
Thanks to Katy for the info, and Twitter’s help: https://support.twitter.com/articles/31796
- Noticed unexpected Tweets by your account.
- Seen unintended DM’s (direct messages) sent from your account.
- Observed other account behaviors you didn’t make or approve (like following, unfollowing, or blocking).
- Received a notification from us stating that, “You recently changed the email address associated with your Twitter account” (even though you haven’t changed your email address).
If so, please take the following steps:
1. Change your password
Please change your password immediately from the Passwords Tab in your Account Settings. Please select a strong password you haven’t used before. If you can’t log in to your account, please see this troubleshooting page.
2. Revoke connections
While logged in, visit the Applications tab in Account Settings. Revoke access for any third-party application that you don’t recognize.
3. Update your new password in your trusted third-party applications
If a trusted external application or widget uses your Twitter password, be sure to update your password in the application.