Tuesday, 15 October 2013

Why Does Twitter Think My Account Has Been Hacked?

I got a nasty shock the other day.  I logged into Hootsuite and, instead of the normal streams of tweets and messages, I saw a pink message saying "The supplied Twitter network credentials are not valid. If you have changed your Twitter password recently, you may need to update it in HootSuite."  What was really worrying was that it appeared on three of my four accounts.

Last time I saw a pink message on Twitter it was because my account had been suspended, so I immediately assumed that this was what had happened.  I clicked on the 'update' link in the pink message and was taken to Twitter where I requested a password update.  I was told that an email was being sent to the gmail account I use for Twitter information.

When I logged into gmail, I found three emails from Twitter, sent the previous day, each relating to one of my accounts and saying "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account. You'll need to create a new password for your Twitter account"

OK, panic over.  I hadn't done anything wrong.  I reset the passwords for the three accounts, making sure that I used lower and upper case letters, plus numbers and permitted symbols.  Twitter told me that all three passwords were very strong.

And that should have been that.  But it wasn't.  The original notifications (and resetting) had happened on October 8th.  On the 9th, one of the passwords was reset again.  A second was reset again on the 11th.  And the third was reset again on the 12th. 

According to Twitter's help page, signs of an account having been hacked are:
  • unexpected Tweets by your account
  • unintended direct messages (DMs) sent from your account
  • other account behaviors you didn't make or approve (like following, unfollowing, or blocking)
  • Receiving a notification from us stating that "You recently changed the email address associated with your Twitter account." (even though you haven't changed your email address)
None of these had happened on any of these accounts.  So what on earth was going on?  I tried to find some information on  the help pages, but when I entered "account reset", I got nothing relevant.  So yesterday I sent this tweet: "@Support You keep resetting my password but I'm using very strong passwords & there's no sign of my account being hacked. What's going on?"

As yet, I've not had a reply.  I'm hoping that's because they're investigating it and that I will receive an answer in due course.  Have you had something like this happen to your Twitter account?  And were you able to resolve it?


  1. I was having this problem on Twitter. The most annoying thing was having twits sent out by direct messages. All of them were to sites where there were erotic material. The message accompanying the tweet would ask the question, "I laughed so hard I almost fell out of my chair. Is the person in this video you? I finally received a message from Twitter. My password was being hacked because I had my twitter account linked to other accounts. Many of them are easier to hack that Twitter. Once I unlinked them, my problems stopped. I hope this helps you. The time spent in trying to solve the problem is annoying, and the hacked emails are irritating.

    1. Thanks for your comment. I'm glad to hear you found a solution to your problem. However, I keep an eye on the DMs my accounts send out (just an extra column on Hootsuite) and there's no sign of any rogue messages. I do have apps linked to my accounts but I've been using most of them for a lot longer than this has been happening. So it's still a mystery.

  2. My experience with twitter has been pretty mellow. When I stopped using tweeter my account stabilized. I found that only using my Google account prevented all those rests.

    1. Thanks for your input Melody. It's not happened again so I'm keeping my fingers crossed. No reply from @support (surprise, surprise). So it'll probably remain a mystery.