It’s still a shock to me that Russian hackers took control of my Twitter account.
That was back in 2014. I was wrapping up assignments. To keep up with the news, and to see who is responding to my tweets, I often head to Twitter. I don’t often expect to see much activity, but I enjoy connecting with those who do have questions or comments.
That day I was stunned to find a string of responses.
“You’ve been hacked,” said one follower.
“Did you just learn Russian recently?” joked another.
Several thought I was swindling them. Some people claimed that they wanted to stop following me. It didn’t sound right.
I went over to the login screen. There, I entered my email address and password. Nothing. I tried again thinking that I had typed it wrong. My account was locked by this. The panic started to set in.
My routine social media check turned out to be a little nightmare. At the time, it didn’t Feel minor. The hackers had compromised my account, mostly because (at the time) I didn’t use two-factor authentication, and they had used a password generator to gain access. They altered my profile, and began posting links to phishing sites.
The only thing I could do was to take action. What action was needed?
Talk to anyone who has ever been the victim of a security breach in their account, on social media or at bank or another secure site. They will describe how it is like being transported into another realm, dark and mysterious. While it is rare that we are ever hacked or compromised, when we are, it can feel strange. It’s not something that comes up often. As if you were in a small car accident, it’s easy to feel lost and confused. Worse, when it comes to social media companies, there’s a feeling that no one is actually going to come to your aid. These companies are too big and too complicated, while the products we use aren’t worth our money.
I was trapped in darkness for at least several days.
A few hundred people lost interest in me, which was understandable. They didn’t know Russian. However, I was able to contact Twitter support. The response took around 24 hours.
The tech support representative mentioned that it was best to use 2-factor authentication. I do now know this, thanks very much. They restored my account eventually, although they had to confirm my identity via phone and email, and then explain the events.
Initially, they thought I might be trying to take over an account I didn’t own, which left a bad impression on me. Are we actually the ones who own these accounts? Do I have proof that I am the original poster since 2008?
Looking at my feed back then, I recall seeing comments and links that could only be my own, but I didn’t actually have a way to prove that.
That feeling of losing control over my personal feed is something I’ll never forget and, suffice it to say, I’ve used two-factor authentication ever since.
Consider this an announcement of public service. Allow two-factor on every account. You will avoid minor problems.