How to Regain Control of a Hijacked Twitter Account

Someone logged into your Twitter account, and that someone isn’t you. They’re probably a spammer hoping to inundate your followers with junk, or maybe a “hacker” (in a very loose sense) being paid to follow other accounts. It’s just possible that they’re intentionally targeting you and hoping to make you look bad. Whatever the circumstance, you want to kick them off your account on the double. Here’s how.

Step One: Keep An Eye on Your Email

Twitter’s no stranger to hijacking attempts, so the company has a few internal triggers to detect unusual behavior. One of them is an email notification for any new login via the web or a Twitter app. It will look something like this:

Now, since I live in Texas and I don’t own an iPhone, odds are pretty good that whoever has logged in from Kolkata via the Twitter iPhone app isn’t me. It’s time to do a little basic security.

Of course, this step (and changing your password) won’t help if someone has also gained access to your email account. But if that’s the case, you have bigger things to worry about than Twitter.

Step Two: Change Your Password

This step should be pretty obvious. Before you do anything else, change your password. Open up the Twitter website from a desktop or laptop browser. (you can do it from your phone as well, it’s just a bit cumbersome: open Twitter.com in “desktop view” and zoom in.)

Click your profile icon in the upper-right corner, then click “Settings and privacy” in the pop-up menu. Click “Password” in the left-hand column.

Type your current password in the first field, then your new password in the second and third fields. If you need some pointers on a more secure password (and you just might, since your account was just hijacked), check out this How-To Geek guide on the subject.

Step Three: Revoke Access to Existing Sessions

Unfortunately, changing your password won’t automatically log out apps and browsers that are already logged in, even though they did so using outdated login credentials.

From the Settings and privacy menu, click “Your Twitter Data” in the left-hand column. You’ll need to enter your password again, then click “Confirm.”

This page will show you all of your various personal data, as well as your login history. Scroll down to the middle of the page to the section labelled “Login history.” Click the link for “See your last 45 logins.”

In this view you can see the last 45 times that Twitter apps or websites used your saved credentials to access the service. (Each one isn’t necessarily a full “login,” with name and password, because most apps save that data.) In my view, I can clearly see two logins from our mystery iPhone user in India, on September 6th and again on September 9th. Remember that “Twitter for iPhone” information: that’s what we want to know.

Click “Apps” in the left-hand column. This will open a list of all the websites and apps that you’ve authorized to access your Twitter account and data. Of course, in this case, it wasn’t you who authorized the access.

Find the app or service that you identified as the point of access for the intruder from the “last 45 logins” page, and click the “revoke” button. In my case, it’s the “Twitter for iPhone” app. Don’t worry if it’s also coincidentally one of the apps that you use yourself—you’ll simply have to log in again from your own device, and this time with your newer, tougher password.

Step Four: Clean Up Your Account

Now it’s time to undo whatever shenanigans that stranger got up to while he or she had access to your account. Check the following for anything you don’t remember yourself doing:

  • New tweets and replies
  • New “moments”
  • Private messages
  • Favorites and “likes”
  • Newly-followed accounts

Newly-followed accounts and private message spam are likely to be the most common additions to your account, since they’re the most effective means of nefarious advertising and paid followers, respectively. Once you’ve scrubbed those tweets raw like Momma scrubbing a permanent marker “tattoo” off your hands with dishwasher soap, your account should be back to normal.

If you want to prevent this from happening again, you might want to add two-factor authentication to your Twitter account, among other security precautions. Check out this How-To Geek guide on the topic.

Image credit: NeONBRAND

Michael Crider has been covering technology on the web since 2011. His interests include folk music, football, science fiction, and salsa verde, in no particular order. He wrote a novel called Good Intentions: A Supervillain Story, and it's available on Amazon. You can follow him on Twitter if you want.