Thursday, March 13, 2014

Hacked on Twitter! Here's How It Happened

“All you have to do is exercise reasonable precautions.”
DI Lestrade, Sherlock: A Study in Pink, written by Steven Moffat and Mark Gatiss

DI Lestrade would be shaking his head at me. Sherlock would have kicked me out of his rooms a word and a half into my story. But here is my story. I admit I acted foolishly and did not use reasonable precautions. I got tricked into giving away my sign-in and password to my Twitter account. And that was the password to a number of other accounts as well. 

Late last Sunday afternoon, my phone beeped as it always does to alert me that I had an email. I get email every time I am mentioned or Retweeted on Twitter. Good thing! The email said I had been Retweeted. I looked to see what tweet of mine had been retweeted. Hmmmm...A Dr. Oz diet tip with a link. I had never tweeted any such thing.

I rushed to the computer, knowing I'd been hacked. Someone was now sending spam as me, to steal more passwords no doubt.

Here's How The Heinous Hackers Got My Info:

Earlier in the day I had gotten the following tweet from someone I follow who was in the middle of reading my book:

@gvrcorcillo book is freaking funny I bout peed myself lol #shelikesitrough

Not long after, I got another tweet from someone I follow:

@gvrcorcillo rofl this was made by you? Tinyurl.com/xxxxxxx

(I have taken out the actual link numbers and letters to avoid spreading the piracy plague.)

So I'm thinking, “Did he see the other texts and get my book? Is he a fan? Is that a link to something about my book and how awesome it is?” Yep, the writer demon in me craving praise at any cost took over and gleefully clicked the link. After some glitching, a page opened. And then things got really stupid.

Here is the page that came up:

Screenshot from http://www.zdnet.com




There was the Twitter Bird in the corner and the screen's background was that blue cloud background Twitter has as one of its backgrounds. 

“Oh,” I thought. “Okay. Sign in again.” I was actually pretty annoyed. Seriously, I was as eager to see good stuff about my book as Johnny Dangerously's brother was to get laid in the courthouse on his wedding day. So I quickly signed in with my user name and password, positively jonesing to see what my fan had said. But, the page crashed. And I thought, “Oh, well. Advertising spam. Sigh.” Completely discounting that I had just SIGNED IN on the bogus page!!!!

A few hours later, when I saw that @gvrcorcillo had tweeted two Dr. Oz diet tip tweets that I HAD NEVER TWEETED, it slammed into me like an overpowering wave off shore – the kind that grinds your face into the sand at the bottom: I had given away the keys to my Twitter Kingdom.

I immediately got onto Twitter and deleted the two bogus Tweets. Then I changed my password. Then I sent out a bunch of Tweets explaining that I'd been hacked and that my Dr. Oz tweets were from Hackers. Then I reported the violation to Twitter. Then I changed every single password I have for anything. The good news is that I just went back into the bogus rofl tweet I originally got. When I clicked on the link, the bogus sign-in page did not come up. Instead, a message came up telling me that the link was unsafe. And it did not ask me to sign in!


Let me be clear: I am not warning anyone away from clicking on links on Twitter - there is a lot of cool stuff to be found by clicking Twitter links - such as my books in many of my own tweets! But DO NOT sign in after you have clicked a link.

This kind of hacking is called phishing, and if it happens to you, forward the suspicious tweet to spoof@twitter.com then DELETE THE TWEET.

Twitter is wonderful and I love to tweet, but... 

"Beware the Jubjub bird, and shun
The frumious Bandersnatch!"
Jabberwocky, written by Lewis Carroll











Sincerely,


GVR Corcillo
@gvrcorcillo 
