Strange Stuff Coming From Your Twitter Profile? Think You’ve Been Hacked? Check Your Apps!

If your Twitter profile has been behaving in a strange way and doing things like sending out tweets you didn’t write, following other users you didn’t authorise and telling everyone you know about the latest amazing diet tips and must-see celebrity nudity, chances are your account has been exploited.

But hold on. Ninety-nine times out of one hundred* on Twitter this doesn’t mean that you’ve been hacked. Instead, it’s far more probable that at some point in the past you granted a third party access to your Twitter profile, and that third party has gone on to do bad things.

And before you say, “Oh no I haven’t. What are you talking about, Shea… are you mad?” there’s something you can do to check this out: you need to pay a visit to the Apps area in your profile settings.

Here’s how:

1. Login to
2. Click on the cog graphic on the top-right corner of the page, and choose Settings
3. In the left menu choose Apps

This area lists all the Apps on Twitter that you’ve authorised to access your account. If you’re brand new to Twitter this section will probably be empty. But if you’ve been active on Twitter for a while it’s extremely likely that you have granted one or more third-party products access to your account in the past, and this is where you need to vet them to see if you want the relationship to continue.

Twitter offers three types of access to third parties: read only, write and direct messages. Read-only means the app can do nothing more than read your tweets (although it can take the data). Write means it can write tweets to (and therefore from) your profile. And direct messages means it can access your DMs.

Now, if you’ve granted access to a third-party app like TweetBot, there’s nothing malicious whatsoever in what they do with your data. They need full access – read, write and direct messages – to be able to provide you with a functional Twitter client.

However, there are MANY apps out there from third parties that either do not need full access to your profile, but request it anyway, or want full access to your profile so they can do bad things. It’s these guys we want to weed out of your Apps settings.

To do this, scroll down in the Apps area and carefully look at everything in there. If there’s anything that you (a) don’t recognise or (b) no longer use, then click on the revoke access button to the right of each app to remove it. Once done, the app will no longer have access to your Twitter profile unless you go back and re-authorise.

Again, many apps you pick up on your Twitter journey are good, clean and wholesome. As well as TweetBot, this includes products like HootSuite, Bitly, Klout, Facebook and so on. It’s absolutely fine to give these folks the access they want – although it’s always worth revoking access to any app that you no longer use.

But anything that you don’t recognise, or that looks even the slightest bit questionable, you should revoke right away. And it’s a good habit to check your Apps settings every week or two, and immediately if your Twitter profile starts behaving in an unusual way.

* That other one time? You’ve been hacked. Contact Twitter for assistance.
