I don't use Twitter so didn't spot it until my gf noticed. Some Russian dude has been spamming like 20 posts a day for at least 17 days (as far back as I can search from my phone anyway). I'm always really careful with sites so no idea how I was compromised. It'd be either my desktop or phone, but I haven't used Twitter in maybe a year so not sure how they got in. Hopefully not a keylogger anyway. Any ideas on how to find out where I've lost my details? Obviously going about changing my passwords now. Anything else I should check?
Twitter account was hacked, how can I track the leak?
- Thread starter Devrij
- Start date
Not really.
My secret question was way too obscure. No chance they guessed it. If we're getting pedantic, then I was probably phished. I'm just curious as to how, since I haven't used that account in so long and yet it was compromised recently.
were you left logged in on a shared computer?
I imagine its a brute force botnet thing that as soon as it gets any results it does its job.
I'm guessing twitter makes you fill out a capatcha after a few failed logins then locks the account for a few mins after the next few fails like most things do, that would render brute forcing it a stupidly long process purely because of the wait/human interaction.
+12781872812781
Huge pet hate of mine. Your account was not hacked, it was compromised by your lack of security/anti-malware/common sense in public places/usage of public WiFi/Not encrypting your network traffic.
There are 10s of possible ways your account was compromised.
If you are using publicly available internet, or ANY internet that can be shared make sure your traffic is encrypted. Not just web usage but any mobile app you let have at your credentials - do you know they are sending traffic encrypted or not?
Same goes for IMAP/email - USE SSL/TLS! If your host does not support it you FIND A NEW HOST!
So many people are using mobile devices these days and TOTALLY underestimate just how insecure they are when they jump onto a publicly accessible/shared wireless network IRRESPECTIVE of whether it has encryption on it itself. The network can have encryption but that means sod all when someone else is on the same encrypted network listening to your unencrypted network traffic. Look into tunnelling your traffic back over a VPN/SSH tunnel or make damn sure your using HTTPS/TLS/SSL/Whatever other encryption method for whatever you are doing off your device.
Might sound overkill, sure. But if you value your security you should look into it.
Last edited:
Soldato
- Joined
- 10 May 2004
- Posts
- 13,073
- Location
- Sunny Stafford
Gah, I hate the mis-use of the word "hacking", especially on dA. Omg omg my dA has been hacked!!1 No, somebody correctly guessed your password / secret question, just as Hellsmk2 had said in post #2.
Hacking is where you're using dictionary attacks to brute force a password, or you're a programmer reverse-engineering the site's security, or you've planted a Trojan horse on the victim's computer.
And as for phone hacking. No, I think it's always been known as phone tapping?
Hacking is where you're using dictionary attacks to brute force a password, or you're a programmer reverse-engineering the site's security, or you've planted a Trojan horse on the victim's computer.
And as for phone hacking. No, I think it's always been known as phone tapping?
I'm a leet haxxor.
Got into someone's voicemail by typing 0000 as a pin.
This one time I had a really hard hack, I tried 0000 but got a denied. Being the pro I am I swapped to my 1234 attack and typed in 1234. Straight in
We could use someone like you down at the office:
