- Don’t panic. Seriously. Calm the fuck down. What are you, a schoolgirl or something? This is part of your job and, incidentally, your chance to shine.
- Try logging in as normal. It may not have occurred to the bastards currently tanking your career to actually change the password.
- If this doesn’t work, hit ‘the ‘forgotten password’ button and check your email account (including spam folders, and any filters that might have eaten it) for the reset link.
- While you’re waiting for the link to arrive, or if you’re unable to reset the password, damage limitation is key: Drop the client a quick email, text or phonecall to let them know that the situation is under control. Make sure you sound calm and reassuring.
- If you can, login with any third-party software you already use, such as hootsuite or tweetdeck, and minimise damage by immediately deleting any unauthorised posts and explaining to any offended/concerned/amused followers what’s going on.
- As soon as you have access to the account via twitter.com (NOT via any third-party apps), log in and change the password again. Ensure that the email address(es) associated with the account are ALL yours and are kosher. If any of them look a little iffy, or point to a non-work-sounding address (such as hotmail), delete immediately and replace with one that you know to be safe.
- De-authorise ALL apps that currently have posting rights, just to be sure. You can re-authorise them one by one, once you know the account to be secure and the crisis over.
- Once the bad guys are completely removed from your account, contact the client again, letting them know that everything is once again secure and the cleanup has begun. Transparency is the key here, both to the client and to your followers – make sure everyone affected is aware that this was not intentional, and that you once again have it under control.
- Make sure everyone involved knows how amazing you are for dealing with this so quickly and capably.
If you haven’t already, you should also follow these basic password security tips to minimise the chances of this happening again.
(First posted January 4, 2014)