If your twitter account starts sending messages by itself, or has weird stuff that you didn’t enter in your profile like text that reads “Mikeyy” or other names, then it’s highly likely that your account has been taken over via security hole (specifically a “cross-scripting bug”).

How It Happened

Your account was probably infected when you viewed the profile of somebody else infected in your web browser. Often these are hidden behind tinyurl and other URL shorteners – bear that in mind.

Fixing The Problem

1. To fix it, the first thing you should do is turn off JavaScript.
2. Go to your Twitter Account Settings (You may need to get your password reset via email before you can log in.)
3. Update your Name, Username, More info URL, One Line Bio. Press ‘Save‘!
4. Click the Password tab and change your password. Click ‘Change‘.
5. You should now be able to turn back on JavaScript.

Update: One other place I’ve heard there might be security issues is the background colours page of your profile design, so go and reset the colours in the design section. You need to have JavaScript on to do this – avoid visiting any other twitter profiles while fixing your design settings.

Preventing it Happening Again

To avoid problems with this in future, I recommend you use a secure browser (I recommend Firefox instead of Internet Explorer). You should either browse with Javascript turned off (which kinda sucks) or use a plugin like NoScript for Firefox which allows you pick and choose what you allow to run.

Did this help?

If this helped you out, follow me on twitter and send me a message. I get the warm fuzzies when I find out that these posts helped someone, somewhere.

If it didn’t help, then send me a message on Twitter or leave a comment below with your question – I might be able to help out with the issue!

Regards, Alastair.