
Thread: someone stole my twitter account

  1. #1
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,519
    Distro
    Xubuntu 18.04 Bionic Beaver

    someone stole my twitter account

    after researching this for a couple weeks i have come to the conclusion that someone stole my twitter account. actually 3 accounts, apparently around the same time. does anyone know how to contact twitter about this? the obvious email addresses bounce back instructions to use a web form that requires first logging in ... obviously useless for those who can't login.

    i think i found a way to change the email address of a twitter account without letting the owner know, if you have access to the screen where they are logged in or manage to get their password. but i'm not going to test it or disclose it.
    What do you call someone who speaks 3 languages? Trilingual.
    What do you call someone who speaks 2 languages? Bilingual.
    What do you call someone who speaks 1 language? American.

  2. #2
    Join Date
    Nov 2019
    Beans
    3

    Re: someone stole my twitter account

    ProTip(s): Always use a highly secure password. Store it only in a secure fashion, which, among other things, in my view means a strictly local, offline manner. And never, ever let anyone see you type it in.
    Last edited by uRock; 5 Days Ago at 01:56 PM. Reason: remove language filter bypass

  3. #3
    Join Date
    Mar 2009
    Location
    The Freight Yard
    Beans
    211
    Distro
    Ubuntu Mate 19.10 Eoan Ermine

    Re: someone stole my twitter account

    I found a couple of hits on Google that might help.

    https://help.twitter.com/en/safety-a...account-hacked
    https://help.twitter.com/en/safety-a...nt-compromised

    I hope that at least one of them might give a contact option.
    This post is like Brigadoon!

  4. #4
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,519
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: someone stole my twitter account

    i know the security best practices and believe i was using them. maybe twitter support can shed more light on this. i'd sure like to know where i might have failed. that's why i want to contact them. but they make this so hard to do by requiring a successful login to communicate.

    i guess they want people to get another email address (you can't use one already in use .. fortunately for me i own some domains where i can make them up on the fly) and sign up with a new account, just to communicate.
    Last edited by wildmanne39; 3 Days Ago at 02:37 AM. Reason: Removed inappropriate comment

  5. #5
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,519
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: someone stole my twitter account

    i found a problem with twitter's design that makes it easier to steal accounts. when the email address is changed, they send a verification to only the new address and never the old one. i used a different account and changed its email address and confirmed this.

    of course the old email might be dead. this side of verification is not about validating that the account owner has this email, but about activating steps to resolve the situation, in case it is a theft attempt. and since the true owner might be out of reach at this time, the (different) code sent to the old address needs to not have that 2 hour limit. it needs to be valid forever (so the 6 digit code won't be good).
    What do you call someone who speaks 3 languages? Trilingual.
    What do you call someone who speaks 2 languages? Bilingual.
    What do you call someone who speaks 1 language? American.
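
The flow post #5 argues for, as an added Python sketch that is not part of the thread and not Twitter's code: the new address gets the short-lived confirmation code, and the old address gets a separate high-entropy token that never expires and lets its holder undo the change. The class, function names, in-memory storage, account lock on revert and `example.test` addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CONFIRM_TTL = 2 * 60 * 60  # the 2 hour limit the post mentions for the new-address code


def _digest(value: str) -> str:
    # Store only hashes so a leaked table does not expose usable codes.
    return hashlib.sha256(value.encode()).hexdigest()


class Account:  # hypothetical in-memory account record
    def __init__(self, email: str):
        self.email = email
        self.locked = False
        self.pending = None  # (new_email, confirm_hash, expires_at)
        self.reverts = {}    # revert_hash -> address to restore


def request_email_change(acct, new_email, outbox, now=None):
    """Queue both messages: short-lived code to the new address,
    non-expiring revert token to the old one."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # 6 digits, short-lived (attempt limiting omitted)
    revert = secrets.token_urlsafe(32)         # 256 random bits, since it stays valid forever
    acct.pending = (new_email, _digest(code), now + CONFIRM_TTL)
    acct.reverts[_digest(revert)] = acct.email
    outbox.append((new_email, "confirm", code))
    outbox.append((acct.email, "revert", revert))


def confirm_change(acct, code, now=None):
    now = time.time() if now is None else now
    if acct.locked or acct.pending is None:
        return False
    new_email, code_hash, expires = acct.pending
    if now > expires or not hmac.compare_digest(code_hash, _digest(code)):
        return False
    acct.email, acct.pending = new_email, None
    return True


def revert_change(acct, token):
    """Old-address holder disputes the change: restore the address and lock the account."""
    old = acct.reverts.pop(_digest(token), None)
    if old is None:
        return False
    acct.email, acct.pending, acct.locked = old, None, True
    return True
```

The revert token is single-use and works even after the new address has been confirmed, which is the case the post is concerned with.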

  6. #6
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,519
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: someone stole my twitter account

    i have managed to grab the account back and quickly changed the email address. and no, i'm not going to say how.

    @Skaperen tweeted: I'm back!

  7. #7
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: someone stole my twitter account

    If you can type in any online password or memorize it, then you've failed.

    a) Use a password manager and the longest, random, password they support. You'll NEVER type it, so why not?

    b) Use 2FA if the service supports it. U2F or U2F v2. Hardware devices that provide this are $20 and less.

    c) Do NOT use other service logins like facebook, google, twitter to provide logins to online accounts.

    d) Always use a different password, at least 40, random, characters for every online account.

    e) If possible, use different email aliases/accounts for different levels of needed security. NEVER use your facebook email account for any bank or online retailer. In fact, having a random userid for banking that you don't know is a best practice.

    f) Don't use any tablet or smartphone with any financial transactions. These are not secure platforms and are targets for financial fraud. That applies to iOS and Android platforms. There is an exception - if no 3rd party applications have been installed at all (including FB) on the device. As soon as any non-vendor application is installed, the security is broke.

    e) People are taking over accounts by walking into cell phone businesses and having the account transferred to a new SIM and new phone. In theory, every cell phone service provider shouldn't do this without enough proof of account ownership, but minimum wage sales people are trained to be helpful before they are trained to be suspicious. And refusing a customer request to buy a new device doesn't get them a commission cheque. Famous people are having a real issue with their accounts being taken over in this way. Some cellular service companies have validation phrases tied to every account, but an assistant can be bribed with little chance of being caught. Plus, famous people aren't exactly known for caring about security at all. Once their phones are cloned and accounts taken over, access to almost everything they do online is gone. People have lost $millions by having their SIM cloned. https://www.theverge.com/2018/8/15/1...sim-swap-theft

    Perhaps there is a reasonable middle-ground. I don't know it, if that even exists. I don't do anything financial on any of my android devices. I don't have the email accounts for anything financial setup on them either.

    While I don't use 2FA with any online service, I've had the hardware and tried to do it for over 3 yrs. The only reason I don't is because those services require that a phone number be provided as the first 2fa method. I worked in telecom. No way would I trust a phone or a phone call. NO FREAKIN' WAY. It is a completely false sense of security and convenience isn't worth it to me.

    For important accounts, keep the logins long+random and the passphrases longer+random. Did I mention that I don't actually know the username for my bank or brokerage accounts? No matter how hard someone tries, I cannot provide it from memory.

    All this reminds me, I need to login to my 5 (or so) twitter accounts. It has been about a year and I think they are planning to delete unused accounts in a few days.

  8. #8
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,519
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: someone stole my twitter account

    Quote Originally Posted by TheFu View Post
    If you can type in any online password or memorize it, then you've failed.

    a) Use a password manager and the longest, random, password they support. You'll NEVER type it, so why not?
    my laptop has a 35 character password to mount the encrypted file system. i manually type it in from memory. it's not random but it looks like it is.

    Quote Originally Posted by TheFu View Post
    b) Use 2FA if the service supports it. U2F or U2F v2. Hardware devices that provide this are $20 and less.
    i saw that they support that.

    Quote Originally Posted by TheFu View Post
    c) Do NOT use other service logins like facebook, google, twitter to provide logins to online accounts.

    d) Always use a different password, at least 40, random, characters for every online account.
    i have my own password maker.

    Quote Originally Posted by TheFu View Post
    e) If possible, use different email aliases/accounts for different levels of needed security. NEVER use your facebook email account for any bank or online retailer. In fact, having a random userid for banking that you don't know is a best practice.

    every online account gets a unique email address, now.

    Quote Originally Posted by TheFu View Post
    f) Don't use any tablet or smartphone with any financial transactions. These are not secure platforms and are targets for financial fraud. That applies to iOS and Android platforms. There is an exception - if no 3rd party applications have been installed at all (including FB) on the device. As soon as any non-vendor application is installed, the security is broke.
    agreed. installing any app is a form of breakage.

    Quote Originally Posted by TheFu View Post
    e) People are taking over accounts by walking into cell phone businesses and having the account transferred to a new SIM and new phone. In theory, every cell phone service provider shouldn't do this without enough proof of account ownership, but minimum wage sales people are trained to be helpful before they are trained to be suspicious. And refusing a customer request to buy a new device doesn't get them a commission cheque. Famous people are having a real issue with their accounts being taken over in this way. Some cellular service companies have validation phrases tied to every account, but an assistant can be bribed with little chance of being caught. Plus, famous people aren't exactly known for caring about security at all. Once their phones are cloned and accounts taken over, access to almost everything they do online is gone. People have lost $millions by having their SIM cloned. https://www.theverge.com/2018/8/15/1...sim-swap-theft

    Perhaps there is a reasonable middle-ground. I don't know it, if that even exists. I don't do anything financial on any of my android devices. I don't have the email accounts for anything financial setup on them either.
    as long as businesses want to control our lives, and need people for their operation, they will never be secure.

    the moment a new hire comes to work, the business is no longer secure. it's like installing an app.

    Quote Originally Posted by TheFu View Post
    While I don't use 2FA with any online service, I've had the hardware and tried to do it for over 3 yrs. The only reason I don't is because those services require that a phone number be provided as the first 2fa method. I worked in telecom. No way would I trust a phone or a phone call. NO FREAKIN' WAY. It is a completely false sense of security and convenience isn't worth it to me.
    i don't have a phone (not even a dumb one) or a phone number.

    Quote Originally Posted by TheFu View Post
    For important accounts, keep the logins long+random and the passphrases longer+random. Did I mention that I don't actually know the username for my bank or brokerage accounts? No matter how hard someone tries, I cannot provide it from memory.
    my bank specifically didn't set up online access for me.

    Quote Originally Posted by TheFu View Post
    All this reminds me, I need to login to my 5 (or so) twitter accounts. It has been about a year and I think they are planning to delete unused accounts in a few days.
    if they require a phone number to do 2FA then i have no way to do it with them.

  9. #9
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: someone stole my twitter account

    If you can type in any online password or memorize it, then you've failed.

    a) Use a password manager and the longest, random, password they support. You'll NEVER type it, so why not?
    Quote Originally Posted by Skaperen View Post
    my laptop has a 35 character password to mount the encrypted file system. i manually type it in from memory. it's not random but it looks like it is.
    Systems that require physical access to use are different and don't count. Nobody without physical access to your local system can hack that encrypted disk, so that's roughly 8 billion fewer people with the ability to even attempt a hack.

    Online accounts can be accessed by anyone in the world. THOSE need the long, random, passphrases that you don't know which are random, long, and never stored anywhere unencrypted.

    The internet means no limits to the remote attackers.

  10. #10
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,519
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: someone stole my twitter account

    my laptop usually has no inward access. my strong passwords are intended to protect against theft and the rare times i do set up a port-specific inward forwarding tunnel (trying to do UDP next, then SCTP). as for online, my biggest risk is probably my cloud access. working on it. my VPS has nothing on it worth anything. if anyone can break in, they best not let me discover it or i shut it off or quit paying. the most valuable data is not even reachable by my laptop (unless i get it out from its obscure hidden locations and plug it in and enter a 27 character passphrase).

    the most valuable need the most protection, like government vs. government. social media is a toy to me. i'll probably break it, soon. it has little personal value, so my 18 character twitter passwords are probably sufficient. i don't do FB.