How Twitter Punished Me for Getting Hacked

My Twitter account was hacked on Monday, 26 July. I tried to recover it by changing the password, but the hacker was too quick for me and changed the email address and phone number so I was locked out. I immediately reported the hack to Twitter Support and naively thought I’d get back control of my account within a couple of days or so.

Wrong!

After sending Support the required information, the days slipped by with no response. Not that it seemed to matter too much because the hacker wasn’t doing anything with my account. At least nothing I could see. Because I had created a new account to monitor activity on the original one.

The seemingly endless stream of bitcoin spam messages began about 10 days after I was hacked. I flagged up some of the tweets to @TwitterSupport and also reported the account as hacked by clicking on the three dots and then Report – “It appears their account has been hacked”. Many of my followers did the same (thank you so much!) and/or contacted me via my other social media to tell me what was happening.

To no avail.

Twitter support continued to ignore all attempts to contact them about the situation, which was surprising as I thought they’d have wanted to stop all the spam. In fact, the only consequence was that the hacker blocked my new account to stop me from seeing what was going on.

So I created another new one.

Oh. I also got a number of replies from people telling me to contact XYZ as they were Twitter whizzy geniuses who’d be able to return my account to me in next to no time. But they all looked dodgy. People – wait, maybe I should edit that – bots (?) with hardly any followers tweeting the same messages about contacting their recommendation for help.

I ignored them all. Because I didn’t want to jump out of the frying pan into the fire and give away any more personal data.

Instead I used the second new account I’d created to report some of the bitcoin tweets and my original account as hacked in the hope that lots of noise would attract some attention (some of my followers had the same idea and were bombarding @TwitterSupport too). But it didn’t help and we just got blocked by my hacker.

As I was getting rather fed up that nothing was happening, I filled out Twitter Support’s form again using a different email address in case for some reason there was a problem with the one linked to my original account.

Result! They replied!

Hello,

After reviewing your request, we realized that the email address you used to send us your request doesn’t match the email on the Twitter account you’re reaching out about. 

Because of this, we have to ask that you file a new support request using the email associated with the account. 

To file the new support request, follow these steps:

– Visit our forms page

Create a new request with the correct email address. 

– You’ll get an automated response to the correct email. Reply to that message to confirm your request. 

If you can’t access the email address associated with the account, you might want to contact your email provider for help with an old, or inactive, email account. Check out our tips on troubleshooting for more guidance. 

If you file a new support request, please reply to this email with the new case number. We appreciate your help! 

Thanks, 

Twitter

I did as instructed, even though, obviously, the hacker had changed the email address, password and phone number originally associated with my account. All I could do was give the info linked to it before this unfortunate situation arose.

And then I played the waiting game once more.

Almost four weeks after I was hacked, I was mightily relieved to finally receive this cheery message from Twitter:

Looks like you’re good to go

Hello,

We had a look at your account, and it appears that everything is now resolved! 

If that’s not the case, please reply to this message and we’ll continue to help. 

Thanks,

Twitter

But that relief soon dissipated as the email was sadly lacking in detail. Had they restored my account to me using the original address and password?

No. That didn’t work.

So I created the third new account since the hacking to try to find out what they meant by “good to go”. That’s when I discovered they’d suspended my account.

Totally frustrated and more than a little annoyed, I wrote back to them asap:

Hi,

I don’t understand how you can say that this has been resolved.

My account @nikki_graham was hacked on 26 July and then some days later sent spammy bitcoin messages. I reported this to you immediately and many of my friends also reported that my account had been hacked.

I’ve now created a new account to check what’s happening and I have discovered that you have suspended my account.

The only way this will be resolved to my satisfaction is if you give me access to my account @nikki_graham. I’ve spent years on Twitter building a following for my business and I don’t want to have to start from scratch again.

Here are the details again: […]

As it has been nearly four weeks since I was hacked, could you please resolve this as soon as possible.

Thank you.

Regards,

Nikki Graham

OK. OK. Perhaps I could have been a tad politer and displayed more patience. But was I even talking to a human? And just how long does it take to solve a hacking problem?

Apparently, for ever.

A few hours (yes, hours; Support had finally woken up and was engaging with me) after firing off my message, I received this response:

Hello, 

We’re writing to let you know that your account has been suspended––and will remain suspended––due to multiple or repeat violations of our rules

We don’t allow the following behaviors on Twitter: 

– Creating serial and/or multiple accounts with overlapping uses

– Evading a permanent suspension by creating or using another account

– Cross-posting Tweets or links across multiple accounts

– Aggressive following, particularly through automated means

Please do not reply to this email or send us new appeals for this account as we won’t monitor them.

Thanks,

Twitter

I’m still not entirely sure what I’ve done wrong, although I’m working on the assumption that the four points were listed for a reason.

  • I only created the three new accounts to check what the hacker was doing, alert @TwitterSupport and ask the translation and interpreting community (i.e. most of my followers) to help me get my account back by reporting it as hacked.
  • I didn’t evade a permanent suspension by creating another account as I didn’t find out I’d been suspended until after I’d created the third account.
  • And, as far as I know, I didn’t cross-post Tweets or links or
  • Follow anyone aggressively, but maybe my hacker did.

Apparently I can appeal this permanent suspension. But to do that I’d have to log into my suspended account, so I’m back to square one.

My advice to you is don’t get hacked. Change your password now to completely random numbers, letters and symbols and keep your fingers crossed. Because otherwise the fruits of your efforts to set up an online presence on Twitter could vanish for good. In my case, it’s 12 years, 7,000 followers and around 25,000 tweets (more or less, can’t remember exactly now) down the drain.

On a more serious note, Twitter obviously needs to improve its Support system and hire a few more humans to sort out issues. I would gladly have paid to talk to someone who would have listened to my problem and resolved it quickly. Perhaps it’s time to introduce some paid account options.

Twitter’s a bit like Marmite. You either love it or you hate it.

I used to love it and check my feed several times every day. Now I sincerely don’t know whether I’ll ever bother with the platform again.

P.S.

Early readers of this post have told me that besides having a strong password, which you can create and then store with password managers such as LastPass and KeePass, we should also set up two-factor authentication.

To do this, on your mobile go to “Settings and privacy” and then click on “Account” and finally “Security”. On a PC, click on the three dots on the left marked “More”, then “Security and account access” and finally “Security”.

Clicking on “Two-factor authentication” will take you to a screen with three options to choose from (see below).

Twitter can also send you a single-use backup code in case you don’t have access to any of your two-factor authentication methods.

While you’re at it, set up password reset protection as well.

I hope all this manages to keep your Twitter account secure.

11 thoughts on “How Twitter Punished Me for Getting Hacked

  1. Bonjour,

    Je trouve votre histoire absolument terrible. Vous décrivez très bien la situation et j’en suis désolée pour vous.

    Personnellement, j’aime bien recevoir des notifications de vos messages par courriel, ça me suffit amplement. (Je me suis désintoxiquée de Twitter, mais je n’y étais pas active du tout).

    Bon courage et encore merci de vos posts. Je repense souvent à votre post d’il y a quelques mois expliquant que faire en cas de maladie/surcharge/situation difficile.

    Odile

    Liked by 1 person

  2. Hackers are active everywhere! We must be very careful with any information provided on line.

    I live in Buenos Aires, Argentina and we must be particularly wary with our cedit cards and banking information.

    Liked by 1 person

  3. Hello Nikki,
    I have just attached a link to this blog post and tweeted @TwitterSupport @TwitterSafety and @TwitterVerified with a request that they reinstate your account. I hope it results in the desired outcome. We’re missing you on Twitter!

    Liked by 1 person

  4. You are so lucky to be breaking free. All of those “social” media things are a timesuck and useless compared to making your own website and running your own blog. Count your blessings!

    Like

  5. What you said about Marmite, I love Twitter BUT when I read horror stories like this I don’t know what to think – or expect in the future if anything ever goes wrong. It looks like talking to a machine that does not understand your language. Terrible.

    Liked by 1 person

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.