Around 6 PM on March 11th—a Saturday—four emails landed in my inbox. Not in Focused (where I get alerts) but in my Other Inbox which usually indicates not-so-personal or urgent business, like a neighborhood newsletter. So it was about 11 PM when I checked my Other inbox and found the emails, spaced a few minutes apart, all from Twitter:
Security Alert: New or Unusual Twitter login (Probably some junk/spam)
New Login on Twitter (Well, that’s kinda interesting.)
Your Twitter Password has been changed (What the heck?)
Email address for CCHall_Author has been changed (WHAT THE HECK?)
Still, I was not freaking out completely because it had to be some kind of phishing, right? I mean, I’m a nobody in social media world; I have less than 1,000 followers. Who’d want my Twitter account?
But sure enough, I can’t get into Twitter with my email so now, I am kinda freaking out. Because (as per the emails) someone has hacked my Twitter account and taken it over. Next, I use my gmail account and basically set up a new account for Cathy Hall so I can login. I find CCHall_Author, just sitting there, looking all innocent.
Everything is just the way I left it. Except it’s not me. It’s some scoundrel with nothing better to do than steal my account.
It’s a bit ironic, y’all. I don’t use Twitter much. It’s connected to my website so that when I post, it posts on Twitter. And since January, I’ve been working on writing the next novel and thinking about the new website so I haven’t posted on my own site. And I can’t help wondering if that’s why someone thought it would be okay to usurp my Twitter account. Because I wasn’t using it? Like my Twitter account is some kind of parking space that someone can avail themselves of because I’m not in need of it right now.
I’m not having that. So I contact Twitter to let them know I’ve been hijacked and unfortunately, the onus is upon the legitimate user to prove legitimacy. So I fill out a form and promise my first-born child and before midnight I hear back. To wit, we’ll look into it, just give Twitter a few days.
About four days later, “we’re on it!” apparently means the account is suspended. It may have been immediately suspended and it was 72 hours before the notification went up but whatever. I can’t use it and neither can he/she/it (since I’m not discounting a bot/AI).
On March 30th—nearly three weeks later!—Twitter contacted me about the Twitter Impersonation Case. To get back my account, I’ll need to fill out another form, promise another child, and somehow prove that I am the rightful owner of CCHall_author. I felt like I was on To Tell the Truth, standing up to say, “I’m Cathy C. Hall, the author.”
Anyway, as it happened, I had a few screenshots of my Twitter account to back up my claim. But I still haven’t heard from Elon Musk or anyone else at Twitter about my account.
I’ve got a few questions to ask when I do:
Does this sort of Twitter hijacking happen regularly?
Why steal a fairly ordinary account with little usage and even less followers?
Who does this Twitter thief think he is? And why is all the work on me to get the account back?
To be honest, if I weren’t putting out a book, I’d probably throw in the Twitter towel at this point. But I worked hard for those followers—mostly writers and readers. Then again, it’s a bit humbling that no one has contacted me to ask about the suspension.
So Twitter User, beware. I strongly suggest that you make screenshots of your account, just in case. And if you’ve had experience with this sort of Twitter trouble, I’d love to hear about it and/or what else I can do because I am down to my last kid.
That's awful! How do screenshots prove that you are you?
ReplyDeleteThis is disturbing! Sorry this happened, Cath. I'm assuming back-end screenshots, right? Why don't they send a code to the email or phone you registered with to prove it's you, like a double verification thing? Ugh. I can feel your pain about losing the followers you worked so hard to connect with over the years. I was banned from Instagram (for no apparent reason that I could identify) after getting around 30k followers for one of my retail businesses. It was such a bummer, and I didn't want to start over, so I never went back. I hope you're able to get your account back!
ReplyDeleteAng,
ReplyDeleteOh, that makes some sense re: the screenshots. Of course, once you have access to the account, you could use Photoshop...Honestly, who has the time and energy to do this stuff? Really?
I really wish the bannings made more sense. Sorry to hear about your experience.
Oh yes, Photoshop is great for everything! I think Cathy means to take screenshots of your Twitter back end now before hackers gain access with a timestamp that shows the date. But I wonder what the end goal is here for the hacker? Cath, didn't you have someone also take over your domain name when it expired? I may be a bit paranoid, but I wonder if it's the same person. I think someone else on the team had a similar problem with their website and social being hacked into.
ReplyDeleteAng,
ReplyDeleteNo, I get the importance of a time stamp. But I suspect someone could alter that as well. You could probably tell it had been altered if you really got in there but do you think Twitter support would?
And, yes. I am negative this week. Why do you ask?
So, yes, the most frustrating thing about this is the why? What end does it serve to take over my account? With Facebook, hackers create NEW accounts with your info, presumably to get your friends to "friend" again and then send messages, asking for help or money or whatever. Not sure if it works...but this person STOLE my account and never sent out any tweets, DMs...maybe he/she/it didn't have time.
ReplyDeleteI do think it's significant that this activity took place on a Saturday evening. I feel like it may be similar to the person who makes an illegal charge on your account for $5, just to see if you catch it. (Which has also happened to me and yes, I contacted my credit card immediately. That time, I had to get a new credit card since mine was compromised.)
And yes, I presume a screenshot of your Twitter page proves a time stamp and I had taken a few screenshots almost two years ago when I changed from @cathychall to @CCHall_Author. I suppose one could do some fancy photo-shopping but it would be time-consuming. And this person, in a matter of three minutes, had my account. I just don't see putting in that kind of effort for 700 followers (mostly writers!).
As for two-step verification, my Twitter wasn't set up with that 12 or 13 years ago and I've never bothered to add because...well, why? It keeps coming back to why steal my Twitter account? Even a cursory glance would show that it's not used often so I'm certain that anyone getting any message out of the blue from me on Twitter would be immediately suspicious.
Finally, Ang, yep, someone scooped up the name I wanted to use for my website when I was checking availability last year. But someone also bought my domain name YEARS ago when I left GoDaddy and that domain expired. When I went back within three or four days, it was not available (and MANY variations of the name were also not available). But I get that. It was a common practice to grab a name like that, hoping the person would be desperate to get the name back and basically pay a ransom.
So pfffft. I don't know if I'll get my account back--and in a way, it feels kinda creepy now--but I'm tempted like you, Ang, to just let it go. Though 30,000 followers on your Instagram was quite a loss! I'm so sorry for that but I get it. It's looking to be WAY more trouble than it's worth!
(We'll be negative together, Sue!)
I had the late night credit card hack happen to me too. Multiple purchases at 3am for GrubHub. They were really hungry! Lol. Another time someone hacked into one of my credit cards and ordered Amazon Prime with it. But I didn't notice for over 2 YEARS!! Because I also used that credit card for my own Amazon Prime, so I just figured it was for mine. I called Amazon and they couldn't tell me the name of the person, but they did verify it was another Amazon account and different address. Luckily I was able to get it credited back on my card. But still!
ReplyDeleteThis is awful! I haven't been hacked into on Twitter, but Angela's note above mine reminded me of a time someone tried to purchase $300 using my credit card on Walmart. Well, lucky for me (and unlucky for them) my card was nearly maxed out already and it declined their purchase (HAHA). I try to be so good about my passwords but it's so hard to always stay on top of where I'm signed into!
ReplyDeleteOh gosh, I'm just now seeing this! So sorry this happened to you, Cathy. I am probably the person Ang was talking about who had their social media and website hacked.
ReplyDeleteWhat I suspect is this was a test. The hacker (or hackers) noodled around until they figured out your password (they use social engineering clues to find that out, like trolling your social accounts and website/blog). For me, my Instagram account got hacked first, they saw I had a separate account set up for my dogs, where I told everyone their FIRST and MIDDLE names, and then they hacked my GoDaddy account, because my password stupidly contained a version of one of my pet names. I DO NOT DO ANYTHING LIKE THAT ANYMORE WHEN CREATING PASSWORDS. Instagram didn't care a lick, and somehow my daughter, who is an "ethical hacker" reclaimed the account for me. I have two-factor authentication on everything now. I had to have a lengthy conversation with GoDaddy customer service, and now I have so much extra security on that account it's ridiculous. Hackers look for victims who are in the process of having a commerce site set up, such as authors who will be selling books, and then they will pounce on your accounts and steal sensitive information when the time comes. My greatest sympathies to you, because it is a gigantic pain in the you know what, and I got very lucky. I would make sure all your other passwords are changed and super secure right now. Not to make you even more paranoid, but they are still watching you.
Renee, it just burns me up, thinking of people whose sole purpose is to swoop in and take advantage of others' hard work! But at least now I get why the Twitter hack--I didn't think of the e-commerce angle.
ReplyDeleteSorry for your troubles and yes, I'm always changing up passwords. Thanks for the reminder and fingers crossed, my troubles will get fixed soon!