On the 2nd February 2014, our Twitter account, @webetecture, was compromised, and a spam link was tweeted. However, we were blissfully unaware of this (because if you look at our account, we badly neglect Twitter), until the 7th February, when we received an email from Twitter, informing us that the account email address had been changed.
Isn’t that an alarming email to receive? The fact that anyone can hack into someone else’s Twitter account, and can change the associated email address, without a confirmation link sent to the original?
So, you follow the link provided, and fill out a form for a support request, which then sends you a second email, urging you to use a form to try changing your password (like you haven’t tried that already). The problem for us was that the reset link would have been sent to the email address of the hacker. Not ourselves.
So what does this email tell you about Twitter?
- It’s really insecure. It’s that long ago since we signed up, we cannot remember what security protocols are in place – but thanks to the reminders in bullet points two and five – it turns out there aren’t any; no alternate email address, no security questions (first pet name, mother’s maiden name, etc.).
- They’re willing to help protect the identity of the hacker, but not help you, as the first bullet point states.
- If you have no email access, and you sign out of the Twitter app to prevent your phone battery running to nothing, you’re out of luck!
So we file yet another support request as the email tells you to do, and send them a reply. The next stage is that after days of Twitter doing absolutely nothing, they then send you a satisfaction survey, to rate the quality of support received.
So we followed the instruction, and replied to the original ticket. Oh, and gave them a bad review.
And that’s it. Nothing appears to get done. You hear nothing. You really begin to give up hope after a few days pass by.
But then - we receive an email informing us it has been returned to us. Which is nice. The email tells you nothing though, except to choose a stronger password this time. So, it’s yet another unhelpful email. But the account has been returned, and that is what’s important.
So, some advice:
- Use everything. Sign up for SMS Twitter. Log in to Twitter on your phone, iPad, tablet, whatever. Keep one logged in at all times, if possible.
- Enable login verification on one of your devices. That way, whoever tries to steal your account will need your device to log in.
- When you get an email and it asks you to reply to it, do so. Every time. Really hammer home to Twitter support that you want your account back. Persistence may be the only thing that got us our account back!
- Get a very, very strong password. We had a strong one, which was clearly not enough. You can use a password generator like: http://strongpasswordgenerator.com/, but you might have to try really hard to memorise the kind of password this generates!
What do you think?
We believe this kind of support and security for one of the biggest social networks on the planet to be absolutely appalling – but what do you think to it?