How to Protect Yourself from a Twitter Hack because Even the Tech Savvy Get Hacked

Getting hacked is never fun and it happens to even the most tech savvy. Trust me, I know. Over the weekend, my Twitter account was hacked while I slept and by the time I woke up, I was completely locked out and I ceased to exist as @TechSavvyMama on the platform I’d been using for the past 10 years. Here’s how I knew my Twitter account was hacked, what I did to get it back, and how you can protect yourself from a Twitter hack.

How I Knew My Twitter Account Was Hacked

Clue #1: Push notification on my phone

Before my alarm sounded for an early morning workout on Saturday morning, I woke up, picked up my phone, and saw a push notification from Bark saying my account had been disconnected.

I’ve been using Bark for an upcoming blog post and connected my social media accounts for testing purposes. When I clicked through the notification to reconnect Twitter to Bark, Twitter told me that it didn’t recognize my login and password.

Clues #2 and #3: Email alerts from Twitter

In my sleepy state I could have typed my password in incorrectly into my phone. I opened up my laptop to login only to find two emails from Twitter. The first one notified me of a login at 4:15 am from a computer in Eugene, Oregon that wasn’t mine.

Two minutes later the same computer in Oregon logged in and changed the email associated with my @TechSavvyMama Twitter account.

Just over an hour later, a computer in Ontario logged in to my Twitter account. They changed the password at 5:19 am and logged in at 5:22 am.

The emails state that if I didn’t make this change to contact Twitter Support immediately but I was asleep and by the time I woke up at 7 am, it was too late.

Clue #4: “Sorry, that page doesn’t exist!”

The URL for my Twitter page has always been Twitter.com/TechSavvyMama but a sure sign I had been hacked was this.

This indicated that someone had hacked my account and changed my username from @TechSavvyMama to something else.

Clue #5: My profile photo was changed

When I tried to verify my personal information to access my account, this profile picture came up with my @TechSavvyMama account.

I tried unsuccessfully to enter my email and phone number, and even tried to get in via Instagram because my Twitter account was connected to it, but the hacker had locked me out. Clicking on “I don’t have access to this information” led me to the Twitter Support page.

What to Do When Your Twitter is Hacked

1. Click through the link in the email notification

If someone is trying to login as you and you happen to see the email notification right away, click on the link to contact Twitter Support immediately. For me, it was too late.

2. Contact Twitter Support

Since my email address, phone number, and password had been changed by the hacker, there was no personally identifying information tied to my account that I could use to recover it. The best thing to do is to file a case number with Twitter Support.

I found that the best way to create a case number with Twitter Support was to click through the email I received notifying me that someone had tried to access my account via my mobile device. When I tried using Twitter Help on my laptop, I kept getting stuck in a verification loop on the website where it wanted information I couldn’t provide because the account was outside my control.

I don’t know why the process for submitting a support ticket is different on mobile via the Twitter website but the Twitter app showed me the new profile photo associated with my account and let me submit information to create a case number. I received an email with a copy of the case number while Twitter reviewed my account.

I replied to the email and included screenshots indicating that my account was hacked along with a copy of an email I received from Twitter upon verifying my account two years ago.

3. Enlist Friends to Tweet on Your Behalf

Everyone has a network. Use yours to help tweet @TwitterSupport. One friend instantly Tweeted and her tweet became the one that everyone retweeted.

Help Twitter-land and @TwitterSupport! @TechSavvyMama’s account was hacked overnight and she has lost complete control of her account – 2 step notification was even turned off. What can be done?

— Jen Lee Reeves (@jenleereeves) July 7, 2018

Note that while your Twitter account is hacked, you’ll be locked out and unable to see tweets. I created a new account just to read tweets, tweet to @TwitterSupport, and RT.

Hi ! I’m Leticia and I used to tweet as @TechSavvyMama until someone hacked & stole my verified account I’ve been using for 10 years! I set up this new account to use and appreciate your Tweets to the attention of @TwitterSupport ! Keep tweeting & I’ll keep you posted! ❤

— Leticia Barr (@SavvyLeticia) July 8, 2018

4. Don’t Get Discouraged

48 hours after my initial request, I received this email:

I could tell that this was an automatic reply generated because Twitter couldn’t find any information associated with my account. No kidding. The hackers deleted everything. While this email was a punch to the gut on a Monday morning, it was time to step it up.

I put out a call on Facebook for friends with any contacts to message me. I tweeted a new message from my brand new @SavvyLeticia account and asked friends to RT it.

Desperately needing help from @TwitterSupport for my hacked & stolen @Techsavvymama account. Got this email this morning and would really love to talk to someone about my 10 year old verified account that was stolen Sat AM while I slept. Thank you! pic.twitter.com/V5XYjfUcfZ

— Leticia Barr (@SavvyLeticia) July 9, 2018

I combed LinkedIn for friends of friends with contacts at Twitter. I tried to stay positive and refrained from sending angry frustrated tweets to Twitter Support.

Thank you SO much @Clarissa_xplain! Hoping to hear back from @TwitterSupport about my @TechSavvyMama account soon! It was a verified account I’ve had for 10 years and then poof- GONE! ☹️ https://t.co/odo3s9Ivd9

— Leticia Barr (@SavvyLeticia) July 8, 2018

It’s ok to be angry and frustrated but be kind if you want help and remember these Tweets are part of your personal brand when your Twitter account comes back.

How to Protect Yourself from a Twitter Hack

Account hacks happen even to the tech savvy but there are things you can do to protect yourself from a Twitter hack and many of these same things should be applied to all of your other accounts.

Create Strong Passwords

We hear this a lot but how strong are your passwords and do you change them as often as you should? Remember: hackers make it their job to figure out your login credentials!

For example, “password” is not a password and even if you use numbers and symbols that transform “password” into P@$$w0rD, that’s not good enough because hackers are committed to accessing your accounts.

If you have trouble remembering your passwords, use LastPass. LastPass is a free service helps you generate and manage secure passwords then stores, organizes, and updates them in your secure vault so you can access them on your laptop or desktop browser or on mobile devices.

Here’s how to get started with LastPass:

Start by downloading the extension for your favorite browser that will allow you to save and access your passwords.

Then make a strong master password. Make it long, random, and include letters, numbers, symbols, and lowercase and capital letters. LastPass recommends making it a memorable passphrase such as lyrics to a song or quote from a movie.

Once you do this, LastPass will help you save passwords to your secure vault. The browser extension works to save sites as you login, import sites from your email, and you can even import/upload passwords from other password managers you previously used into LastPass.

Since you can use this free service on your laptop, tablet, or on your iOS or Android device, you’ll want to download the LastPass mobile app for iOS, Android, and Windows Phone devices. Since you’re LastPass is backed up and synced across all of your devices, you can always access your passwords regardless of where you are. LastPass verifies my identity through the fingerprint feature on my phone and fills in any login or online form in seconds.

LastPass also has a Family Plan ($4/month) that allows you to store and share passwords that can be organized by folders by family member or account type to provide everyone with access they need.

Review Your Security Settings

Gone are the days where a login and password will protect your account. Once the hacker got into my Twitter account, they changed my password. With the new password, they were able to make changes to my settings.

Twitter, like other sites, provides 2 step verification or TFA. TFA provides an extra layer of security because it requires a username, password, and additional information to protect your account from unwanted changes. Having multiple levels of verification that require information known only by you is an important precaution to take to securing your account.

Here are the steps you need to take to secure your Twitter account with 2 step authentication:

• Log into your account-> click on your avatar in the upper right corner of the screen-> select Privacy and Safety
• In the middle of the screen under Security, click on Review your Login Verification Methods.
• You WANT Twitter to ask you for additional information to confirm your identity and protect your account from being compromised.
• Underneath Login Verification, you’ll see Password Reset Verification.
• CLICK THE BOX!
• Then click the Save Changes button at the bottom.

From now on, Twitter will text a login verification code to your phone that you’ll need to enter to make changes to your account or login from other devices.

There is nothing convenient about getting hacked but if I’ve learned one thing from my Twitter hack it’s to check accounts, change passwords, and make sure two step verification is active. Protecting yourself from a Twitter hack is important but you need to give the same attention to each and every one of your other accounts to keep them just as secure.

Affiliate links are included in this post. All opinions are my own and based on personal experience.