Reacting to a phish


Feb 26, 2010

Late last night, thousands of Twitter accounts were hacked. The @zutweets account was one of them. The hacker used a phishing technique to send direct messages to a number of @zutweets followers.

If you Google “twitter hacked” you will see that banks, politicians, large corporations and individuals experienced the same issues as zu did. You will also read that many of them did not know what to do and they started sending out panic tweets, which probably did more harm than the original phishing attack. It should be noted that in all cases, no follower data was accessed.

Here is what we did a few minutes after the attack. We quickly changed our password so that the phishing attacks would stop. Then we disabled the ability for third-party software, such as TweetDeck and TwitterBerry, to access our account. Finally, and this is the most important thing, we sent out a tweet acknowledging what happened, apologizing and saying we fixed it.

This let everyone know we were aware of the problem and we fixed it. Afterwards, a bunch of people thanked zu and supported @zutweets.

Phishing attacks will happen to everyone at some point. It is part of being on the Internet. These are not a big deal if handled properly, so prepare yourself ahead of time.
