
ghanwani (original poster)
I have a twitter account that I don't really use. I follow only 2 people, but every few days a 3rd person shows up in my feed with posts in Arabic, a language I do not understand. If I unfollow that person, the same thing happens again a few days later. I have changed my password multiple times to no avail. I have tried contacting twitter but they are completely unresponsive. So I need some help:

- Is my account hacked or does twitter have some sort of security flaw that allows 3rd parties to insert new follows into a person's twitter account?
- If it's hacked, how do they get my new password?
- What can I do about this?

I actually don't care about this account. Would it be better if I just suspend the account?

Has anyone else experienced something like this? If so, what did you do?
 
I have a twitter account that I don't really use. I follow only 2 people, but every few days a 3rd person shows up in my feed with posts in Arabic, a language I do not understand. If I unfollow that person, the same thing happens again a few days later. I have changed my password multiple times to no avail. I have tried contacting twitter but they are completely unresponsive. So I need some help:

- Is my account hacked or does twitter have some sort of security flaw that allows 3rd parties to insert new follows into a person's twitter account?
- If it's hacked, how do they get my new password?
- What can I do about this?

I actually don't care about this account. Would it be better if I just suspend the account?

Has anyone else experienced something like this? If so, what did you do?

Why not block them?

Twitter allows you a number of options: You can block, mute, and "unfollow" people.

I assume that as you follow only two people, that you do not follow these posts - or feeds - in Arabic; rather, they chose to follow you.

Anyone can follow you - this has nothing to do with passwords - but you can choose to mute or block them. Moreover, there is no reason to decide to follow someone who has chosen to follow you, although some do this to increase their number of "followers".

Therefore, I doubt that your account is "hacked"; rather, someone who posts on Twitter may simply be choosing to follow your account.

My advice would be to block them, every time they put in an appearance.
 
You said you "unfollowed" them but I'm assuming you meant another choice because you wouldn't have selected to follow that account.

I've had Twitter keep showing me annoying people because they post about topics similar to other people I follow. For them I selected "show less often" and those people stopped showing up.

Sometimes I have also used "mute" or "block".
 
Just to be clear, I follow 2 people by choice, but every few days that number increases to 3, with the 3rd person being the Arabic one. Then I unfollow and a few days later the process repeats.
 
Just to be clear, I follow 2 people by choice, but every few days that number increases to 3, with the 3rd person being the Arabic one. Then I unfollow and a few days later the process repeats.


Yeah, that's something slightly more malevolent, years ago there was a hack that let someone mark themselves as being followed by any user (bug in their API).

So to clarify, they're being followed, by your account, like you clicked follow on their account?
 
Yeah, that's something slightly more malevolent, years ago there was a hack that let someone mark themselves as being followed by any user (bug in their API).

So to clarify, they're being followed, by your account, like you clicked follow on their account?
Correct. I'm wondering if there's still some bug in their API. I cannot find a good way to report security issues to twitter. I have tried to use it using their generic "contact us" forms on 2 separate occasions but there has been no response and no resolution.
 
Just to be clear, I follow 2 people by choice, but every few days that number increases to 3, with the 3rd person being the Arabic one. Then I unfollow and a few days later the process repeats.

Candidly, I am at something of a loss to understand how you can "follow" someone without having made an active choice, or decision, to do so.

In Twitter, if someone decides to "follow" you, you receive a notification to that effect (and you can block them if you do not choose to have them follow you).

However, if they are following you, I suggest that you click on their account; the top right hand corner will show you three little tabs, underneath whatever image is portrayed in the account.

From right to left, these tabs will show you a large blue box that will say "following". Left of that, you will see an envelope in blue; if you click on that, this allows you to DM the individual in question. Left of that again, is a series of blue dots.

Click on this, and you will see a drop-down menu. One of the options listed is to mute the account in question, and another is to block the person you are inadvertently following. Click on block, and you should not see them again unless they attempt to access your account via a different account. "Unfollow" - which is also an option on that drop-down list - is not sufficient.
 
Candidly, I am at something of a loss to understand how you can "follow" someone without having made an active choice, or decision, to do so.
Yes, it perplexes me too. And it makes me think there's either one of two things going on:
- Someone has figured out how to hack my account across password changes.
- There's a security flaw in twitter's infrastructure which allows someone to silently insert themselves as being followed by me.
 
Yes, it perplexes me too. And it makes me think there's either one of two things going on:
- Someone has figured out how to hack my account across password changes.
- There's a security flaw in twitter's infrastructure which allows someone to silently insert themselves as being followed by me.

Have you also changed the password for the email account you use for Twitter, and activated any additional authentication on Twitter?
 
Have you also changed the password for the email account you use for Twitter, and activated any additional authentication on Twitter?
I haven’t changed the password on the email account but the logs do not indicate any suspicious activity there.

I don’t have any additional authentication enabled in twitter. That may be worth a try.
 
Yes, it perplexes me too. And it makes me think there's either one of two things going on:
- Someone has figured out how to hack my account across password changes.
- There's a security flaw in twitter's infrastructure which allows someone to silently insert themselves as being followed by me.

But, if they are blocked - and not merely "unfollowed" - they will have to set up a fresh account in order to attempt to access or infiltrate yours.

Block this person if they make another appearance as someone you follow. You can block the people you follow as easily as you can block those who try to follow you.
 
But, if they are blocked - and not merely "unfollowed" - they will have to set up a fresh account in order to attempt to access or infiltrate yours.

Block this person if they make another appearance as someone you follow. You can block the people you follow as easily as you can block those who try to follow you.

The problem isn't that they're being followed and can be blocked, the real issue is how they're being added to the OP's follow list. I think he was more concerned about overall security of his account (and potentially other systems) vs. just the annoyance of a single user.

Cause vs. Symptom :)
 
The problem isn't that they're being followed and can be blocked, the real issue is how they're being added to the OP's follow list. I think he was more concerned about overall security of his account (and potentially other systems) vs. just the annoyance of a single user.

Cause vs. Symptom :)

But, if they are being added to the OP's follow list, they can still be blocked.

You can block both those you follow, and the people who follow you.
 
But, if they are being added to the OP's follow list, they can still be blocked.

You can block both those you follow, and the people who follow you.

Yes, that's been clarified multiple times, please re-read what I wrote, it's the concern over how they're being added, it suggests a possible account breach.

i.e., even if he blocks that specific user, if they're able to programmatically add a follower or if they're able to login to his account, it's a temporary fix, and the latter issue has some further reaching concerns if they're able to access his account after a password reset.
 
Yes, that's been clarified multiple times, please re-read what I wrote, it's the concern over how they're being added, it suggests a possible account breach.

i.e., even if he blocks that specific user, if they're able to programmatically add a follower or if they're able to login to his account, it's a temporary fix, and the latter issue has some further reaching concerns if they're able to access his account after a password reset.

Yes, I get that.

It was simply that in the original post, he had mentioned that he "unfollowed" rather than blocked the offending account/individual.
 
@ghanwani

Hmmm, it might be a connected app, I was reading some security discussions, that's a common "backdoor" (of sorts, I mean, the initial auth for the app requires user intervention) that can result in the behavior you're seeing.

This is from the regular, desktop web UI, but if you login, go to [...] More >> Settings and Privacy >> Account, then under the Data and Permissions section, choose Apps and sessions, you can see under App what apps have been given access to your Twitter account, and by clicking each one, you can also see the level of permission.

Look at this under mine, for Pinterest:


Permissions = Read and write

... and from the Twitter dev docs, I see this (note the underlined):

Read and write
This permission level permits read and write access to Twitter resources, including the ability to read a user’s Tweets, home timeline, and profile information; and to post Tweets, follow users, or update elements of a user’s profile information. This permission level does not allow any access to Direct Messages (including read, write, or delete).

ref: https://developer.twitter.com/en/docs/basics/apps/guides/app-permissions


I bet you've got a connected app that's adding that Follow, go check it out :) Oh yeah, if you see an app with 'write' access, you can 'revoke access' (I'd be very cautious about any app having that access level TBH ...)
 
I bet you've got a connected app that's adding that Follow, go check it out :) Oh yeah, if you see an app with 'write' access, you can 'revoke access' (I'd be very cautious about any app having that access level TBH ...)
Just checked, no connected apps.
 
[Attachment: Screen Shot 2019-11-07 at 9.59.32 AM.png]
I just unfollowed everyone so now I'm down to 0. I will wait a couple of weeks or so and see if I automatically start following someone as I expect. If that happens, I will unfollow/block and see what happens. Is there any way to check the account history to know when the followee was added?
 
Yeah, that seems like a good "debug". I'd do another round of password reset and activate two-factor for the heck of it.

If you review your follows, I don't see a date/time, I mean, I'm sure that data is captured, probably available through the API or something ...
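The "debug" suggested above (unfollow everyone, then watch for follows reappearing) can be made precise by keeping dated snapshots of the following list and diffing them. The script below is an added example, not from this thread or from Twitter: the snapshots are constructed data standing in for what a daily fetch of the account's following list would return, and the handles in them are made up.

```python
# Constructed snapshots of the account's "following" list, as a daily job that
# fetches the list might store them. Fetching is out of scope; this is sample data.
SNAPSHOTS = [
    {"taken_at": "2019-11-07T10:00:00Z", "following": ["alice", "bob"]},
    {"taken_at": "2019-11-08T10:00:00Z", "following": ["alice", "bob"]},
    {"taken_at": "2019-11-09T10:00:00Z", "following": ["alice", "bob", "unknown_acct_1"]},
    {"taken_at": "2019-11-10T10:00:00Z", "following": ["alice", "bob"]},  # after manual unfollow
    {"taken_at": "2019-11-13T10:00:00Z", "following": ["alice", "bob", "unknown_acct_1"]},
]

# Accounts the owner actually chose to follow (constructed).
EXPECTED = {"alice", "bob"}


def diff_snapshots(snapshots):
    """Return (timestamp, event, handle) for every follow added or removed between
    consecutive snapshots. The timestamp is the first snapshot in which the change
    is visible, so it gives an upper bound on when the follow was added."""
    events = []
    prev = set(snapshots[0]["following"])
    for snap in snapshots[1:]:
        cur = set(snap["following"])
        for handle in sorted(cur - prev):
            events.append((snap["taken_at"], "added", handle))
        for handle in sorted(prev - cur):
            events.append((snap["taken_at"], "removed", handle))
        prev = cur
    return events


def unexpected_follows(snapshots, expected):
    """Map each handle the owner never chose to follow to the number of times it
    was (re)added. A handle that keeps coming back after an unfollow, with no
    connected apps holding write access, points at a session or credential problem
    rather than at the followed account itself."""
    counts = {}
    for handle in set(snapshots[0]["following"]) - expected:
        counts[handle] = 1
    for _ts, event, handle in diff_snapshots(snapshots):
        if event == "added" and handle not in expected:
            counts[handle] = counts.get(handle, 0) + 1
    return counts


if __name__ == "__main__":
    for ts, event, handle in diff_snapshots(SNAPSHOTS):
        print(ts, event, handle)
    print("unexpected:", unexpected_follows(SNAPSHOTS, EXPECTED))
```

Running it on the constructed data shows the same handle added on Nov 9, removed on Nov 10 and added again on Nov 13, which is exactly the pattern the thread describes and would be worth pairing with a password reset, a review of active sessions and turning on two-factor authentication.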
 
Wow, that is really weird. I'd be interested in knowing what happened if you ever figured it out.
 
I stopped following anyone a while ago (so I was following 0 people for a bit).

It took a few months, but I am now apparently following 2 people and have no idea how it happened. I also have no idea who/what they are.

Impossible to get help from twitter support so I'm not even going to bother contacting them.

Security on twitter is a joke.
 
[Attachment: Screen Shot 2020-03-13 at 11.15.40 PM.png]