So the last few days I have seen several friends send me DMs that they themselves did not create. The messages were always bizarre and off topic, and after reaching out to them I quickly realized that they had probably ceded control of their Twitter accounts to some untrustworthy app developer. Their reward for doing so was an account that was silently spamming their friends.

Now most people who think they have a compromised account would simply try to change their password, and most of the time that would work. However, Twitter relies on an authorization method called OAuth: you authorize the app, and the app receives a token that lets it act on your behalf, which essentially means only you ever know your password. Because the app never had your password, changing it does not cut the app off. So in order to stop an application from posting on your behalf you have to revoke that application's rights as follows:

  • First log in to your Twitter account on the web (I know, who does that, right?) and click on the Settings button as shown below.

[Screenshot: Twitter Settings]

  • Now click on the Apps link on the left side of the page.

[Screenshot: Twitter Apps]

  • You will be presented with a page listing all the apps you have given permission to post to Twitter on your behalf. You should recognize the names of all the apps you have configured. If you do not recognize one, revoke its access!

[Screenshot: Twitter App List]