I recently clicked on a TikTok image I found through Google Images on my phone. Instead of redirecting me to TikTok, the link took me to a random and sketchy-looking website. I didn't get a chance to fully load the page before I quickly backed out because it seemed off. Shortly after that, I received a notification about an attempted login on my Twitter account. Thankfully, Twitter flagged it as suspicious and sent me an email, so I changed my password right away. I should mention that I have multiple Twitter accounts, but only one was targeted. I'm really concerned about what happened here. How did that site manage to potentially access my Twitter information? Why was only one account affected? And what other dangers could this site pose to my phone or other passwords?
3 Answers
It sounds like you might have had your cookies or tokens compromised. It's a good idea to change any passwords you might have reused across accounts. Also, make sure to log out of all sessions on Twitter to secure your account completely.
Thanks for the heads up! Could you explain what tokens are?
Honestly, there's a very strong chance this was just a coincidence. From what I understand, clicking a link shouldn't really hack you or steal your tokens. Sure, it could be some new security flaw, but that's super rare and probably not the case here.
If it was a serious flaw, I doubt they'd waste it on targeting ordinary users like us.
Yeah, seems mostly coincidental to me too.
If cookies were taken, resetting all your reused passwords is crucial. You definitely want to lock down your accounts if you've shared passwords across different sites.
Is token stealing from a link something that really happens, though? Doesn't seem likely they'd target random accounts.