
Comment: How a Twitter hack taught me to take online security seriously

Ask anybody about the importance of online security and data management, and you’ll probably hear similar advice. Back up your files regularly. Don’t use the same weak password everywhere. Enable two-factor authentication. A digital life necessitates a layer of precautions that can be repetitive and even exhausting to maintain. It’s easy to brush off the warnings we’ve all heard hundreds of times because “that’ll never happen to me.” Until it does.

When I went to sleep last Monday night, I had no idea that I’d open my eyes to dozens of confusing notifications and my Twitter account taken over by a security hacker group. It caught me completely off guard, but it didn’t have to be that way. Hopefully by relaying my story and some hard lessons I learned along the way, I can help you avoid the same situation as you manage the safety and security of your online accounts and data.

Just after 11 P.M. on August 28th, after I’d gone to sleep, emails started to pop up in my inbox. “Security alert: new or unusual Twitter login,” and “Reset your Hover Password.” Within minutes, my Twitter account was compromised and logged into from a device and location I was unfamiliar with. The password and email address associated with the account were changed, and my entire profile was defaced.

The majority of my 117,000 tweets were deleted, and my following list was emptied. It was as if several years of my life online suddenly ceased to exist. Had I been awake at the time of the attack, perhaps I could’ve taken quicker action, but this group operated overnight.

As I woke up the next morning, I began to realize how potentially dangerous this situation was. My account was connected to dozens of other apps and services that allow you to “sign in with Twitter.” It wasn’t just my social accounts at risk, it was my entire digital life. Sloppy security had put me in this position. I hadn’t enabled two-factor authentication. I had reused the same password on several accounts as so many of us do. To a hacker, I was essentially an open door.

I found out that the hacking group OurMine was responsible for the attack. OurMine has hacked high-profile Twitter accounts in the past, including that of Twitter founder and CEO Jack Dorsey, Sony, HBO and plenty of others. The group continues to wreak havoc online, most recently defacing WikiLeaks. For some reason, they targeted me as well.

Inside my account, hackers were having fun. I received a notification that my Twitter archive was ready to be downloaded. Since my account still had authorized access to Tweetbot, I continued to receive notifications for some time after I lost control of the account, which is how I found out that the hackers were chatting with followers of mine via Direct Message. (I used a second Twitter account to try to alert my followers to the compromise.)

https://twitter.com/ChromaVideos/status/902632848703856641

I immediately contacted Twitter support through standard channels, where I received only minimal help. It took over 24 hours to receive a reply, despite having a verified account. I only heard back at all after a friend with connections at Twitter privately helped me escalate my support ticket. In the meantime, I took stock of my digital life. Here are some tips that may help you:

  • Download your data. Coincidentally, I had downloaded a local copy of my Twitter archive the day prior to losing control of my account. Twitter support has repeatedly told me that they are unable to restore my deleted tweets, so this is my only copy of my data. You can download a copy of your archive from the Twitter settings page at any time, and Facebook offers a similar option. Google Takeout will let you archive your Google account data. If you use iCloud Drive, Contacts, Calendars, or Bookmarks, Apple will let you recover deleted files in the settings panel of iCloud.com for up to 30 days. However, files can also be permanently deleted here, making them unrecoverable. That’s why it’s smart to keep a local backup of your data.
  • Enable two-factor authentication. This is the most tempting advice to ignore. A second layer of security is a hassle when you just want to log in to your account, but that’s the point. Most major services offer support for two-factor authentication now. Apple first started rolling out the feature to customers in 2014.

  • Secure passwords. Like a fool, I spent the morning after my security breach checking every account to make sure I wasn’t using duplicate or insecure passwords. There are plenty of better ways to go about managing passwords. 1Password is an excellent tool for creating strong and secure passwords. Starting with iOS 7 and OS X Mavericks, Apple began offering iCloud Keychain, a more basic but still secure system for suggesting and storing secure passwords across your devices.
  • Revoke access to unused applications. Many services like Twitter will show you a list of applications connected to your account. Shortly before my account was compromised, I gloated in a (now deleted) tweet that for nostalgia, I would never revoke my account access to Vine, the now-defunct social network for sharing 6-second videos. That’s not a good reason. Go through your connected applications and remove anything you no longer use or don’t recognize. When my account password was reset, Twitter revoked all applications for me. Goodbye, Vine.

So how does my story end? Three times my Twitter account password needed to be reset. The first two times, immediately after logging in and regaining access to my account, it became compromised again. My account language had been set to Arabic, and by the time I figured out where to click to set it back to English, I was again locked out of my account. Frustrated, I even made a fresh email account with a secure and unused password. The issue persisted. It was only after 6 days of sparse and highly automated support from Twitter that I permanently regained access to my account.

Today, my tweets are still missing. There are thousands of broken links scattered across the web. There’s a hole in my digital history, but from it I’ve been taught a valuable lesson that you can hopefully learn from too. Online security problems can happen to anyone, even you. Use the tools available to help protect yourself, and you can save days of unneeded hassle and stress.




Author

Michael Steeber

Michael is a Creative Editor who covered Apple Retail and design on 9to5Mac. His stories highlighted the work of talented artists, designers, and customers through a unique lens of architecture, creativity, and community.

Contact Michael on Twitter to share Apple Retail, design, and history stories: @MichaelSteeber