PSA: Changing My Password was Not Enough

It was five o’clock, on a Sunday. I’m walking out the door of the VeloCity Garage, when I start getting DMs and Facebook wall posts from people who I have not spoken to in weeks.

Ah, that would be why. My account is spewing direct-message spam on Twitter. My account! At this moment, I look like the least intelligent person on the Internet.

So, I panic. First thing I do, is open up my mobile Twitter app. Change the password. Then I refresh the DM list. Why the hell are there still new ones being sent? F**k.

tl;dr: Went back to the office, revoked every application token for my Twitter account, reset my phone (just in case it had malware on it).

Needless to say, I am a bit shaken. I have no clue why it happened, if what I did was sufficient, or if it will ever happen again.

It seems to me that passwords are broken. But I have no clue what the right answer is. OAuth and Persona? Two-factor? Changing my password was not enough. Not today.