I have a lot of Auto-Tweets that go through my account, whether it was Triberr or Tweet Old Posts, or auto-tweets from WordPress and Facebook, sometimes it is very hard to keep your Twitter account only churning out quality tweets. You just have to make sure that you have what you want authorized and what you don’t “revoked.”

But, even though I did pay attention to what I was sending through my twitter account, I started noticing some things that I don’t believe were supposed to be there. And it was very subtle.

I wouldn’t have noticed it if someone hadn’t retweeted it:


Now I didn’t click the link – but I did scan it and got these results on Sucuri & URLVoid:


Blacklisted is not good. So I assumed it was a spam hack.  But, really have I been hacked? Or did I retweet @MortalMovie and authorize them for something? The MortalMovie twitter account is a legitimate account, but checking their account – that tweet that I “retweeted” was never generated through their account. So this hack was a targeted tweet, knowing my twitter circles likes the TMI movie and would hopefully click that link.

The first thing I did was:

  1. Change my twitter password

But, then I did more digging and saw another tweet, which had engaged some of my users:


They were using @MortalMovie again & even @iTunesMovies and again the link was blacklisted, but I took a chance and clicked it on a secure browser. And I saw at the top a logo – SocialToaster. Which I had investigated at some point after reading a “Twitter Must Haves” post on a tutorial piece. It is a pay service that helps you gain twitter interactions.

I had obviously authorized this site to tweet out @MortalMovie info. It made sense, when you are hacked they go in and they just bombard your users with DMs and other spammy links. Why would someone hack my twitter account and then just tweet out something every few days? SocialToaster is used by Sony Pictures and I had entered a contest from the City of Bones movie. I must have authorized, or signed in via twitter when I entered the contest. You click “Yes” I agree without even thinking on these contests. Did I authorize that they can tweet for me? Probably. I don’t mind tweeting out stuff for the @MortalMovie – but I want to have a choice. I don’t want it just done for me.

So, my second step was going and checking my authorized apps in twitter:

  1. Click the gear at the top of twitter.com and scroll down to settings
  2. Click Apps on the left sidebar
  3. A list appears of all the apps you authorized to use twitter.

I looked through all of my authorized apps, if I did not recognize the web sites or program, and it had Write permissions, I clicked Revoke Access:

Twitter___Settings-3If you find an app you don’t like, click Revoke Access. I’m hoping this works. But, I’m guessing time will tell. I haven’t seen any tweets since Nov. 23rd – so hopefully it did the trick. Hopefully this will teach me a lesson and as always I’ll pass it on to you guys.

Precautions you can take to protect your Twitter Account:

  1. Make sure your password is Strong, use Capitol, Lowercase, Numbers & Symbols
  2. Never give out your login & password
  3. Never authorize through a site you are unsure about
  4. Pay attention to your tweets
  5. Never click a DM link or tweet link you are unsure about