After Spending Three Days in Hell When My Twitter Account Was Hacked, Here’s What I Learned
Twitter Lionel Bonaventure/Getty Images
It is probably a pretty good indication that you need to radically alter your life when you spend huge chunks of your day on an endeavor for which you have disdain, and from which you gain no income. Such is the case when it comes to me and Twitter, a social media platform of which I am highly critical, but on which I spend absurd amounts of time.
I do this mostly because my account there is “verified,” and I have enough followers who seem genuinely interested in what I have to say, so I feel an obligation to give them my take on whatever is happening in the news. It is also usually a good place for me to promote my columns and various broadcasting projects or interviews.
Spending a lot of energy on Twitter can be exceptionally maddening because you are forced to come face-to-face, especially in the Covid era, with an extreme amount of abject stupidity and manipulative misinformation. But that everyday experience was nothing compared to what happened this past weekend when my account was targeted and successfully hacked for most of three days.
It all began with a colossal mistake on my part. Early on Saturday morning, I woke up to a direct message, which appeared to be from “Twitter Support.” It informed me that, if I didn’t take immediate action on a copyright violation, my account would be suspended. Even though the message made little sense (I knew it should have come in the form of an email), and if I had taken a closer look at the account itself it would have been pretty obviously fraudulent, I stupidly responded to the inquiry, probably in part because I have so little trust that Twitter’s actual policies wouldn’t be totally nonsensical.
Almost immediately, I realized I had made a blunder and thought that I had moved quickly enough to rectify the situation by changing my password a couple of times. However, this hacker knew well what they were doing and, once they got a foot in the door, were quickly able to take control of my entire house, eventually forcing me to be locked out of my own account.
Since it was a weekend, I knew trying to get any immediate action or human interaction from Twitter, especially as a non-celebrity, would be roughly like a kid attempting to get a meeting with Willy Wonka in his chocolate factory without a gold ticket. Consequently, I braced for what I knew would be a long and frustrating process.
The first day was spent trying to respond to Twitter’s automated system which is so notoriously slow and totally impersonal that it gives one almost no confidence in the process, mostly because you are not dealing with an actual human, and therefore there is no nuance or accountability. Had I been patient, and not rushed my responses, things probably wouldn’t have gotten as bad as they did, but I made a second mistake which set me up for an even greater disaster.
When you file a claim with Twitter that your account has been hacked they immediately send you an email asking for several pieces of information so they can eventually proceed. This hacker clearly knew to anticipate that and simultaneously sent me an EXACT duplicate of that form email, which fooled me into thinking that Twitter’s automated system had sent that same email twice.
Consequently, I foolishly responded to both of the emails—thinking I was covering all my bases—when in fact I was ignorantly providing the hacker with almost everything they needed to expand their reach into the bowls of my online life, while also preventing me from being able to fix the problem with Twitter. By the next morning, I was also locked out of my primary email address, and by that afternoon there were signs that my Mediaite email, which I was using essentially as a stopgap measure with Twitter, had also been compromised.
So now my verified Twitter account, which had unfollowed ALL of the thousands of accounts I had followed over the years, was resembling a Turkish escort service for underage girls, and I had no idea what was happening with the email address I have had nearly since the internet era began. As exasperating as the process of trying to defeat the hacker was, it was the psychological aspects of fearing the unknown, while having very little faith in the system to fix the problem, which were at least as physically and mentally draining/soul-sucking as the violation of my personal space itself.
My mind kept racing about what a hacker might find in my thousands of old emails. Did I have information within in them which could cause the damage to spread to financial accounts (apparently not)? Did I have any videos in there of me having sex with women famous enough for anyone—other than my wife—to care about being publicly leaked (“unfortunately” not)?
One of the more bizarre aspects of trying to fix the problem were all the ways that the system almost seems set up to enable hackers to get away with their crime for as long as possible. For instance, the biggest obstacle to regaining my primary email account was that everyone, including the company itself, is automatically prevented changing the password once the password has been changed multiple times in one day. Since this is exactly what happens in a hacking, it seemed like it gave the criminal a huge advantage, especially when none of the four different people I spoke to at the email company gave me the same story on exactly how much time had to pass in order to try again (it turned out to be an excruciating 24 hours).
With the help of an actual human at Twitter whom I had contacted outside the normal process, by Sunday night I thought I had a major victory when I got access to my account, but by Monday morning I was locked out once again. Now my Twitter account appeared to be a tribute to a Turkish soccer star, but, thanks in part to help from Mediaite, there was at least some light at the end of the tunnel, though I was still being held hostage by constantly refreshing various email accounts on my laptop waiting for new notifications from Twitter, or further indications of the hacking getting worse.
After securing that email account, and finally getting someone reasonably competent at the other email company to speak to me (again, outside the normal processes), by late Monday afternoon I now finally had control of both my Twitter and email accounts. I am convinced that without actual human interaction on both fronts there is no chance the situation would have been—fingers crossed—resolved even by now (I was told my Twitter account would eventually restore itself to the pre-hacking status, though as of this writing that has not yet occurred, and this morning another attempt was made to hack it).
As for what really happened here, I’m honestly not quite sure. Every technician I spoke to indicated that they thought this attack had all the markings of having targeted me specifically. While there are plenty of reasons that someone might have a strong motivation to hire someone to shut me down (including a controversial new “true crime” podcast I have recently begun to release) there are some signs which indicate to me that this may have been a random attack on verified accounts, and I was just dumb enough to give this jackass in Turkey his sick joyride. Though it does seems insane that someone would go to all of this trouble just so they could briefly control a Twitter account with only 46,000 followers with which they, thankfully, did very little.
The weirdest part of this nightmare is that, which the exception of a form email from Twitter I got last night (which is requires an extreme amount of work on my part, with zero reason to believe anything will actually be done), there has been literally no concern expressed by anyone in the process for trying to track down and punish the hacker. It is as if “Big Tech” has simply decided these incidents are just the cost of doing business, both for them and their users, which of course means these hackings will continue to happen regularly.
Though hopefully not to me. I am very confident that the next time I get an unexpected direct message from “Twitter,” that I will properly ignore it.
This is an opinion piece. The views expressed in this article are those of just the author.
