Keeping Twitter secure: connect applications with care

Someone is saying bad things about you.

They aren’t, of course. But if you’ve received a direct message like this via Twitter, it means that someone in your network has had their account compromised.

Similar rogue direct messages include ‘Someone is saying bad stuff about you’ and ‘Read this yet? horrible blog going around about you’.

The malicious messages and their dodgy links typically direct you to websites containing trojans, viruses and other web nasties likely to hijack your computer, or worse.

Common sense should apply. Never click on the URL and alert the individual that appears to have sent the message so that they can secure their Twitter account.

I received a dodgy direct message from one of my daughters this weekend. Equally, I’ve received rogue messages in the past 18 months from friends and colleagues.

Attacks like this happen because Twitter users allow third-party applications access to their accounts. Less scrupulous applications hijack accounts to send rogue messages.

When you allow an application access to your Twitter account, you grant it access to your network and permission to read, write and often send direct messages.

If you suffer a direct message attack here’s what you should do:

  1. Head to Twitter.com and check the list of applications (settings > applications) that are connected to your account. In particular look for applications that can send direct messages on your behalf.
  2. Revoke access to all applications apart from those that you completely trust. Only Twitter applications such as Echofon, Twitter for Android or iPad, Sprout Social, or Tweetbot should need permission to send direct messages on your behalf.
  3. Delete any dodgy direct messages that have been sent via your account.
  4. Change your Twitter password.

The best protection is to be vigilant when you allow an application access to your Twitter account and to check what permissions you are granting.

If this issue persists it is likely to knock the social network’s reputation. In time Twitter may need to lock down its API and introduce an authentication process for applications that need access to send direct messages.


Stephen Waddington

Partner and Chief Engagement Officer, Ketchum and Visiting Professor in Practice, Newcastle University.


  1. I know what you mean. The one issue Twitter has never got a hold of is spam. It’s full of it. From the spam following bots through to messages of this nature.

    I received one the other day that said “you are famous lol”. Maybe I am but I didn’t click that and neither should anyone.

    I think Twitter really needs to get a hold on this now as it moves further towards an eco-system around its own apps rather than other third-party ones.

    I think you may have prompted a blog post idea for me there.

    • Thanks Chris.

      I tagged the last couple of sentences on as an afterthought. But it’s an issue that Twitter really needs to address otherwise user confidence will be undermined.

      I look forward to reading and commenting on your thoughts.

  2. Confidence in the hashtag – one of Twitter’s most connective features – is also being undermined by rampant spam. It seems that only minutes after a conference / discussion starts using a hashtag, it gets spammed by the inevitable “egg” profiles. I’ve seen many cases – Economist conferences, WEF discussions, comms/ PR discussions – where Twitter gives a brilliant demo of its hashtag spam issue to a very influential crowd. Alongside DM spam I think hashtag spam is one of Twitter’s key limitations and future threats to the platform evolution.

    • Yes. Agreed. And let’s add the misuse of hashtags to the list. Not so much a conversation as a noisy version of a television shopping channel, on Twitter.

  3. Agreed on these points. Twitter does need to do something to crack down on the hacking, DM bots, spambots, etc. However, I think Twitter users can take action themselves to cut out some of the annoyances e.g. An end to automatic ‘thanks for following’ DMs (invariably at about 4am), not hijacking popular hashtags to flog stuff and not giving prizes for RTing messages to all and sundry. Good Twitterquette should be encouraged and promoted. Anyway, rant over (great blog post by the way).
