If your Twitter account is sending tweets and/or direct messages that you haven’t actually sent, your Twitter account has been hacked.

Some of the messages may look like this:

  • Hey someone is spreading nasty rumors about you: <link added>
  • LOL! I’m laughing so hard at this pic of you: <link added>
  • Did you see this funny tweet about you? <link added>
  • Watches on Sale! $99 <link added>
  • Lose weight fast! <link added>

If your Twitter account has been compromised, follow these five steps to regain control and prevent future hacking.

Step 1: Change your password immediately

If, or when (as it’s only a matter of time), your Twitter account is hacked, the very first thing you need to do is change your password, provided you still have control over your account. Use a different computer or a different browser to log into Twitter. It’s possible that malware has been installed somewhere on the device you normally use, and that this is what led to the compromise of your account.

It goes without saying that you should use a strong password that’s difficult to guess and that’s unique to this particular account and not used elsewhere. Remember to change your password regularly. If you are unable to log into your account because the hacker changed your password, use the password reset form found at twitter.com/account/resend_password. If that doesn’t work, contact Twitter Support.

Step 2: Revoke access from third-party applications & reset those passwords also

Check all of the applications that might be using Twitter for authorization. To be safe, and to isolate the problem, you should temporarily revoke this privilege from all of them. You can add them back after waiting a few days to ensure the spamming has stopped. Add one application back at a time and wait a few days before adding another one. If an application was the cause of your Twitter problems, adding the applications back one at a time will help you determine which one, if any, was compromised.

Step 3: Begin damage control with an apology

Apologize to your Twitter followers or anyone who might have been affected. Send a few apologetic direct messages to the people who received malicious DMs. Keep your apology simple, like: “Apologies for any inappropriate tweets from this account. I’m taking precautions to ensure my account doesn’t get hacked again.”

Step 4: Delete all the tweets and DMs that were maliciously posted

Delete the spammy tweets and DMs, especially if you use your Twitter account for professional purposes.

Step 5: Check your computer

Scan your computer for worms, malware, viruses and spyware to ensure that nothing else has been infected. Be sure that your anti-virus software is up to date and that security updates have been installed for your operating system and applications.


Finally, it’s worth asking yourself how your Twitter account might have been compromised in the first place. Were you using a weak password? Did you unwittingly click on a malicious link? Did you unknowingly visit a fake website loaded with drive-by malware? Or was your password exposed during a breach?

We need to understand, recognize and avoid the risks associated with social sharing sites and learn how to use them safely. Take a few minutes to read Twitter’s security tips. And watch these short videos on our YouTube channel to learn more about how to keep yourself safe in today’s digital age.