My Account Has Been Compromised

If your account has been compromised but you're still able to log in, this page will help you secure your account and stop unwanted behaviors. If you can't log into your account, please see this troubleshooting article.

Has my account been compromised?

Have you:

• Noticed unexpected Tweets by your account.
• Seen unintended DM's (direct messages) sent from your account.
• Observed other account behaviors you didn't make or approve (like following, unfollowing, or blocking).
• Received a notification from us stating that, "You recently changed the email address associated with your Twitter account" (even though you haven't changed your email address).

If so, please take the following steps:

1. Change your password

Please change your password immediately from the Passwords Tab in your Account Settings. Please select a strong password you haven't used before. If you can't log in to your account, please see this troubleshooting page.

2. Revoke connections

While logged in, visit the Applications tab in Account Settings. Revoke access for any third-party application that you don't recognize.

3. Update your new password in your trusted third-party applications

If a trusted external application or widget uses your Twitter password, be sure to update your password in the application. Otherwise, your may be temporarily locked out of your account due to failed login attempts.

Your account should now be secure, and you shouldn't see the unexpected account behaviors moving forward. If you're still experiencing issues, please file a Support request for more assistance.

Protect your Account with Simple Precautions!

If your account has been compromised, do take these additional precautions:

• Delete any unwanted Tweets that were posted while your account was compromised.
• Scan your computers for viruses and malware, especially if unauthorized account behaviors continue to be posted after you've changed the password.
• Install security patches for your operating system and applications
• Always use a strong, new password you don't use elsewhere and would be difficult to guess.
• Visit our Safe Tweeting page for more information on avoiding hacks and phishing.

How do Accounts Become Compromised (did somebody hack me?)

Accounts may become compromised if you’ve entrusted your username and password to a malicious third-party, if your Twitter account is vulnerable due to a weak password, if viruses or malware on your computer are collecting passwords, or if you're on a compromised network.

Unexpected updates don't always mean that your account was hacked. Occasionally, a third-party application can have a bug that causes unexpected behavior. If you see strange behavior, changing your password and/or revoking connections will stop it, as the application will no longer have access to your account.

It’s best to take action as soon as possible if updates are appearing in your account that you did not post or approve. You can find more information about Account Security on the Safe Tweeting help page.