My Twitter account was hacked on Monday, 26 July. I tried to recover it by changing the password, but the hacker was too quick for me and changed the email address and phone number so I was locked out. I immediately reported the hack to Twitter Support and naively thought I’d get back control of my account within a couple of days or so.
After sending Support the required information, the days slipped by with no response. Not that it seemed to matter too much because the hacker wasn’t doing anything with my account. At least nothing I could see. Because I had created a new account to monitor activity on the original one.
The seemingly endless stream of bitcoin spam messages began about 10 days after I was hacked. I flagged up some of the tweets to @TwitterSupport and also reported the account as hacked by clicking on the three dots and then Report – “It appears their account has been hacked”. Many of my followers did the same (thank you so much!) and/or contacted me via my other social media to tell me what was happening.
To no avail.
Twitter support continued to ignore all attempts to contact them about the situation, which was surprising as I thought they’d have wanted to stop all the spam. In fact, the only consequence was that the hacker blocked my new account to stop me from seeing what was going on.
So I created another new one.
Oh. I also got a number of replies from people telling me to contact XYZ as they were Twitter whizzy geniuses who’d be able to return my account to me in next to no time. But they all looked dodgy. People – wait, maybe I should edit that – bots (?) with hardly any followers tweeting the same messages about contacting their recommendation for help.
I ignored them all. Because I didn’t want to jump out of the frying pan into the fire and give away any more personal data.
Instead I used the second new account I’d created to report some of the bitcoin tweets and my original account as hacked in the hope that lots of noise would attract some attention (some of my followers had the same idea and were bombarding @TwitterSupport too). But it didn’t help and we just got blocked by my hacker.
As I was getting rather fed up that nothing was happening, I filled out Twitter Support’s form again using a different email address in case for some reason there was a problem with the one linked to my original account.
Result! They replied!
After reviewing your request, we realized that the email address you used to send us your request doesn’t match the email on the Twitter account you’re reaching out about.
Because of this, we have to ask that you file a new support request using the email associated with the account.
To file the new support request, follow these steps:
– Visit our forms page.
– Create a new request with the correct email address.
– You’ll get an automated response to the correct email. Reply to that message to confirm your request.
If you can’t access the email address associated with the account, you might want to contact your email provider for help with an old, or inactive, email account. Check out our tips on troubleshooting for more guidance.
If you file a new support request, please reply to this email with the new case number. We appreciate your help!
I did as instructed, even though, obviously, the hacker had changed the email address, password and phone number originally associated with my account. All I could do was give the info linked to it before this unfortunate situation arose.
And then I played the waiting game once more.
Almost four weeks after I was hacked, I was mightily relieved to finally receive this cheery message from Twitter:
Looks like you’re good to go
We had a look at your account, and it appears that everything is now resolved!
If that’s not the case, please reply to this message and we’ll continue to help.
But that relief soon dissipated as the email was sadly lacking in detail. Had they restored my account to me using the original address and password?
No. That didn’t work.
So I created the third new account since the hacking to try to find out what they meant by “good to go”. That’s when I discovered they’d suspended my account.
Totally frustrated and more than a little annoyed, I wrote back to them asap:
I don’t understand how you can say that this has been resolved.
My account @nikki_graham was hacked on 26 July and then some days later sent spammy bitcoin messages. I reported this to you immediately and many of my friends also reported that my account had been hacked.
I’ve now created a new account to check what’s happening and I have discovered that you have suspended my account.
The only way this will be resolved to my satisfaction is if you give me access to my account @nikki_graham. I’ve spent years on Twitter building a following for my business and I don’t want to have to start from scratch again.
Here are the details again: […]
As it has been nearly four weeks since I was hacked, could you please resolve this as soon as possible.
OK. OK. Perhaps I could have been a tad politer and displayed more patience. But was I even talking to a human? And just how long does it take to solve a hacking problem?
Apparently, for ever.
A few hours (yes, hours; Support had finally woken up and was engaging with me) after firing off my message, I received this response:
We’re writing to let you know that your account has been suspended––and will remain suspended––due to multiple or repeat violations of our rules.
We don’t allow the following behaviors on Twitter:
– Creating serial and/or multiple accounts with overlapping uses
– Evading a permanent suspension by creating or using another account
– Cross-posting Tweets or links across multiple accounts
– Aggressive following, particularly through automated means
Please do not reply to this email or send us new appeals for this account as we won’t monitor them.
I’m still not entirely sure what I’ve done wrong, although I’m working on the assumption that the four points were listed for a reason.
- I only created the three new accounts to check what the hacker was doing, alert @TwitterSupport and ask the translation and interpreting community (i.e. most of my followers) to help me get my account back by reporting it as hacked.
- I didn’t evade a permanent suspension by creating another account as I didn’t find out I’d been suspended until after I’d created the third account.
- And, as far as I know, I didn’t cross-post Tweets or links or
- Follow anyone aggressively, but maybe my hacker did.
My advice to you is don’t get hacked. Change your password now to completely random numbers, letters and symbols and keep your fingers crossed. Because otherwise the fruits of your efforts to set up an online presence on Twitter could vanish for good. In my case, it’s 12 years, 7,000 followers and around 25,000 tweets (more or less, can’t remember exactly now) down the drain.
On a more serious note, Twitter obviously needs to improve its Support system and hire a few more humans to sort out issues. I would gladly have paid to talk to someone who would have listened to my problem and resolved it quickly. Perhaps it’s time to introduce some paid account options.
Twitter’s a bit like Marmite. You either love it or you hate it.
I used to love it and check my feed several times every day. Now I sincerely don’t know whether I’ll ever bother with the platform again.
Early readers of this post have told me that besides having a strong password, which you can create and then store with password managers such as LastPass and KeePass, we should also set up two-factor authentication.
To do this, on your mobile go to “Settings and privacy” and then click on “Account” and finally “Security”. On a PC, click on the three dots on the left marked “More”, then “Security and account access” and finally “Security”.
Clicking on “Two-factor authentication” will take you to a screen with three options to choose from (see below).
Twitter can also send you a single-use backup code in case you don’t have access to any of your two-factor authentication methods.
While you’re at it, set up password reset protection as well.
I hope all this manages to keep your Twitter account secure.