Follow

Friends, my twitter account has been hijacked and is now spewing crap. I've reported it and I've done all I can to get it back but I'm still waiting... daniel.haxx.se/blog/2020/11/16

@bagder crap :| is there a chance that more stuff has been compromised (like for example your github account)?

@guenther they're not connected in any way so I don't think there's any reason to suspect that this will expand beyond the twitter account. Feels like problematic enough! =-(

@bagder if you don't know how someone got your twitter password, wouldn't it be reasonable to assume your computer has been compromised?

@guenther I don't think so, based on the way the account was taken over and other (lack of) traces. And I do have 2fa on all the important accounts anyway so "just" compromising my computer isn't enough.

@bagder
I think that would be some important information for your blogpost, that somebody could take over your account despite 2FA (and I assume a strong password).
@guenther

@fbausch @guenther I don't want to speculate as to how or where the weaknesses are before I understand what happened. For all I know, I could be the one to blame...

@guenther @bagder The compromise route could be Twitter insiders. One piece of info that came out of the latest high-profile compromise flap is that employees routinely come to visit the black market boards and flaunt their access, and advertise selling compromise accounts. See this article for some of it at least: https://www.vice.com/en/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

@schestowitz
yes, but neither of those usually posts elon musk bitcoin scam in your name

@bagder

@bagder super scary, this happening to you, b/c I cannot imagine you had a trivial password on that account.

@bagder The "giving back" hacks from a few months ago which used support access bypassed 2FA. It's plausible.

@bagder sorry about that. Hope this gets resolved very soon.

@bagder Your Twitter account is now switched to private, the (Elon) avatar is gone and the name is changed to Badger. The illicit Tweets are gone and the last Tweet is from 14th November.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!