Log Into Twitter And Change Your Password

January 5, 2009 · Comments

Just do it. Log in. Change your password. And then think REALLY hard about which services you’re giving your password to. This phishing thing is getting stupid fast.

Go to http://www.twitter.com and log in. The setting is right here:

http://twitter.com/account/password

Just change it. It might not be you. But it probably is someone you know. Please retweet the holy hell out of this post.

Here’s why. (amended to please Steve Garfield)


  • Done!
  • Chris,

    I think I speak for many when I say it's great to see "holy hell" in your writing. Way to irreverently spice things up! I'll RT.

    It's sad that so many "web savvy" adults have forgotten so quickly that not everybody is a lovely person hoping to connect for the right reasons.
  • Well, how easy is that? Why didn't I think of that Chris? DOH!!!

    Mind if I repost this on http://helpviatwitter.com as well? Full acknowledgment of course and link.

    Cheers mate..
  • Was tempted to joke about how you should go see this great blog. But the annoyance factor of this phishing thing is beyond the opportunity for a cheap chuckle. I can't imagine how you're going to pare down your 25,000.

    BTW, I'm in Vegas right now. Took a Qik of my room. Just search for jeffcutler on qik - AMAZED at what I traded my lousy Disney timeshare week for.

    DM me if you want to grab a bite. Interviews every day of the week (starting tomorrow AM), but will have some time around those to eat and poke around Vegas.
  • Well said. Short and sweet!
  • Rock-Star!
  • mjankowski
    Why change the password? Is not being stupid no longer enough?
  • just DID IT =)
  • Did this just recently actually, and changed other Soc.Media passwords, and then had to go and update each service I use with twitter, didn't take too long.

    And I don't fall for phishing ;)
  • done
  • Seems easy enough. But why would you change it if you didn't click on the link?
  • Hopefully after this message spreads through twitter people will finally get the message and change their password.
  • Hi Chris!

    Thanks for this post. This piece of advice makes so much sense. I am changing all of my passwords.

    Thanks again!
  • Done! Thanks! :)
    -Mig
  • Great advice with what's going on.

    Then again, no one will ever guess my Twitter (and everything else) password of "redsox"

    Errr, that's a joke folks!

    Just go change it, preferably to a non dictionary word!
  • Brad Hanks
    "This phishing thing is getting stupid fast" And it's morphing fast too. Just got a new DM promoting a site for a free iPhone.

    Thanks Chris, just retweeted.
  • Here's some background on why Chris is asking you to do this...

    http://news.cnet.com/8301-1009_3-10130566-83.html
  • Just FYI (I know you didn't mention SocialToo, but since you have in the last week I wanted to make others aware), the ONLY thing SocialToo.com requires the password for is auto-dm and auto follow/unfollow. If you don't want those services, please, sign up without your Twitter password (we do require the username if you want to block dms or get the nightly stats e-mail). I am fighting Twitter *hard* on the dev lists to require more than basic auth for their API. I'm going to try to make that more clear in our registration.

    Oh, and btw, if Twitter doesn't do anything soon, I've got a feature I'm going to release that will hopefully help put an end to these worms. Stay tuned and I'll let you know if I do it. (oh, and donate so I can keep adding features like this! I aim to please you, Chris.) :-)
  • Oh, a non dictionary word. I'll use "gullible" then.. I heard that's not in there.

    Thanks!
  • I haven't done anything or had any problems lately that lead me to believe that I should change my Twitter password. I think that in a case like this, it would make sense for you to provide a bit more explanation. I know there's a phishing scheme afoot, but not all of us fell for it.
  • Eva
    I clicked the link, did NOT login. Thought I was safe. Spread the word about the phishing expedition.

    Came back today and could NOT login to my twitter account! I had to reset my password anyway.

    Should have done it anyway last night, just to be on the safe side.

    Thanks, Chris.
  • I said it on Twitter and I'll say it here -- Why on earth do people get to into their twittemperature, a cool site about them, blah blah blah. It takes 5 seconds to create your own narcissistic blog -- so many moms on blogger do!
  • Sounds simple enough. Am so not going to trust another twitter based service that requires my password.
  • Remember, it's not whether you clicked the link. It's whether you used a 3rd party app.
  • Just sending a *hug*, Chris. The phishing/spam/dumbshit internet usage is high speed suckage. I can only imagine the number of times you've been hit now. So sorry. *more hugs*
  • It's just a good habit to change your passwords regularly, phishing or not. I know (myself included) that most of us don't. After the recent Facebook spam (very similar to the current Twitter garbage), I started changing passwords on everything I log into.
    It sounds counterintuitive, but write them down (pencil & paper), and keep that safe. It's less likely that someone will break into your house to steal your passwords.
  • Give a man a phish & you can lure him to a bogus Web site & steal his personal information.
    Teach a man to phish & he'll lure you to a bogus Web site, steal your personal information, seduce your wife & hurt your dog.
  • scott
    What incenses me is Twitter doing a piss poor job of managing the situation. Bloggers and others have to do it for them. They couldn't simply delete the "phisher," instead they inconvenience everyone by warning them by saying, "Phishing just happens..."

    How much VC money do they need to not get raped by a phishing scam?
  • scott
    Oh, and how much does it take to make money?
  • The phisher isn't using *a* Twitter account. They took advantage of people clicking links and supplying login information to take over innocent accounts to DM for them. Twitter definitely needs OAuth, NOW, but they are taking steps to lock accounts (until they reset their passwords).
  • I wonder if it's a coincidence that the phishing happened after Chris's blog about DMs and robots? Is this some kind of revenge? Is Skynet now active? In all seriousness, has Twitter provided a way to report the usernames of people from whom we received the DMs? That would be a first step to fixing this. I would suggest changing your password and not using ANY external apps until this DM issue settles down. Has anyone heard anything specific and/or useful from Twitter lately -- the silence is deafening.

    Matthew Gilbert
    @doctorious
    doctorious.org
  • I did this earlier. I hope they catch whoever is doing this and sock them with a huge fine/jail time.
  • Hi Chris,
    Could you amend your post to include this link to Chris Pirillo's post explaining what is going on?

    http://chris.pirillo.com/2009/01/03/phishing-sc...

    Your post is more inflammatory than explanatory.

    It's like you are spreading fear instead of reason.

    Right?

    Thanks,
    --Steve
  • Thanks.

    That helps.
  • I received the dodgy DMs from someone I wasn't even following earlier today. Was smart enough (whew!) not to click through. Any idea on the best way to report that user account?
  • I just recently started changing all of my passwords just to be safe. I guess we should all get in the habit of changing our passwords more frequently...

    -Justin
  • Twitter has a post about this on their blog too:

    http://blog.twitter.com/2009/01/gone-phishing.html
  • Chris,
    Good to see this warning from you. I started warning my friends during the day on Sunday.

    Keep STRONG, Everyone!
    Vincent
  • I wonder how much phishing we could eliminate if only two countries were to go dark...

    Anyone guess which two?

    One starts with N and has oil, the other starts with R and has oil.

    @skyminor your answer!
  • Thanks for posting this, Chris, although Steve was right to push you to display more info. A couple of small disagreements here with comments.

    1) Twitter has many faults (what site doesn't?) but they are not responsible for the links you may click on to get lured to a rogue site. People use AV and think they're safe, but most security experts will tell you that the biggest danger is now from web sites and scripts on same.

    2) There are a couple of countries that are apparently the source of most wicked schemes and spam on the Net, but they are not necessarily the originators of said schemes or spam. There will always be drones in bot networks and they can just as easily be in the USA as anywhere at all. Granted, in the case of spam servers, blocking two countries would do wonders. Unfortunately, one can't do this if there is the slightest possibility of international business from said countries.
  • Chris, I like when you talk dirty in a Holy Hell sort of way :D
    I want to be able to just turn off my DM function all together...does anyone know how to do this? Twitter is for shouting tweets/links or else send me a private email but forget DM's they are so annoying IMHO.
    http://thedogsdish.posterous.com/social-network...
  • Thanks Chris - done it. Email phishing has a new friend... Twitter phishing.
    I like your approach: no tip toeing around this issue - just do it and do it now!
  • Remember passwords are like toothbrushes.
    They should be changed often and never shared.

    Or you could say they are like underwear :)
  • I did it and tweet this post... thanks a lot
  • Susan
    For past 20 hours (yesterday) Twitter is not sending notifications to email regarding DMs or followers, but they are showing up on twitter account. I have changed both passwords several times the past week ... It appears that Twitter has been compromised somehow from main site.
  • This is getting pretty pathetic. Everyone should know that they should always worry about who they are giving their passwords to.
  • Merch
    Done did the do! Thanx!
  • Great advice, done!
  • Be wary of giving your password to ANY apps that are out there - where there's a password (will) there's a way. If they can get into your data they will. We're pretty familiar with the standard phishing scams but need to be extra cautious about what else might be phished.

    @clarevans
  • I did do that but i also think it's a good idea to send a message to those accounts that are hacked, that are sending you the phishing DM's telling them that they've been hacked.
  • Done. Why is there no https on the settings/password page in Twitter? Disturbing.
  • Natalie
    Done! Until I read your post, I didn't know that using 3rd parties could have led to this. I'll do what you said and RT the hell out of this link!
  • ani625
    Couldn't have come at a better time!
    Context: Twitter monday hacking madness ;)
  • Well, this post finally made me move. Though I had not fallen for the phishing scam, but I have in the past given my twitter credentials (however begrudgingly) to third party sites (one actually, for auto-tweeting my posts).

    No more. I have changed my password, but since I still wanted to auto-tweet, I did this: http://blog.gadodia.net/twitter-safety-with-win...
  • Phew! I thought I was the only one who's a little paranoid about this.
  • It's a shame that it came to this - I guess it was bound to pop up. I recently developed a Twitter plugin for WP which allows users to post directly from a blog to Twitter, however it asks for their username/password. I am sure there is going to be some user trust related issues now with such a plugin due to these issues. Ugh!
  • am21com
    very nice blog . it is very helpful to all internet user keep on update wish u best of lick and also visit my site http://adsensetips4money.blogspot.com/
  • chuvel
    I NEED 2 CHANGE MY PASSWORD!!!!!!!!!!!!!!
  • Fredrica Collins
    DIZ IZ 4 ALL DEM HATERZ OUT DERE SIPPING ON DAT HATER RADE..........