Many (many) Twitter accounts have been hacked

Today, hundreds (more?) Twitter accounts posted a Tweet along the lines of: 

We don't currently know how, who, or when Twitter will have the situation remedied. But in the meantime, here are some actions you can take.

1. No Judgement

Two-factor authentication is absolutely something you should use. You should have it enabled on any account you can. However, your two-factor authentication would not have stopped this particular hack. Protect yourself when and how you can. When you can't protect yourself, take steps to remediate the issue.

2. Don't send money to the scammers.

No further instructions necessary.

3. Revoke permissions for apps connected to your Twitter account.

Go to this page: https://twitter.com/settings/applications

Click on each of the apps that are listed. Click to revoke permissions.

Do this even if you really like using those apps. Revoke all permissions until Twitter resolves this.

4. Log out of all sessions.

While you're in the settings of your Twitter account, you should also log out of all other sessions.

This will log out all other places where you're currently signed in to Twitter - your phone, your computer, your tablet, etc. If you're sharing a Twitter account with other folks, it will love them out as well.

Do this now, even though it will disrupt your workflow. You can re-set it up once Twitter has this fixed.

 

5. Make sure you're not mistakenly a part of any Twitter "Team".

Go to this page: https://help.twitter.com/en/using-twitter/tweetdeck-teams

Read it, follow the directions for "Removing  yourself from a team."

6. Reset your Twitter password. Enroll in 2fa.

Go to this page: https://twitter.com/settings/security

Follow the instructions.

If you can use an app to generate your second factor, do that. Use SMS second factor as a last resort. Really not recommended. But it is better than nothing.