I think I just got hacked, and I don't know how

Discussion in 'Off Topic' started by fury, Aug 3, 2012.

  1. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    I got emails about an hour ago from Amazon, Apple, and Yahoo, all about my password having changed. I checked them, they were legit, as I could no longer log in to any of them. So, I freaked out and started resetting them back. I can log into them again, but I am scared to find out what all damage has been done.

    All I know so far is they got into the Apple ID and updated the alternate email addresses to add some random yahoo mail account to it. I deleted that, and I deleted my Apple email from my Yahoo account as an alternate address. I really should avoid adding free email addresses as alternate email addresses for things...

    I called Amazon and they have disabled the account and will start an investigation.

    I'm about to call Apple.

    I doubt Yahoo has a phone number.

    My Twitter account fury has gotten deleted and is now owned by somebody named Jake who hasn't tweeted.

    Has anyone been through this before, got any tips to share on how to stop it from happening again? (other than the usual, which I already do... having good passwords, good security questions that can't be determined from social media, etc.)
     
  2. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    Apparently it was all for the Twitter account. I'm talking to the person who did it now. Hope I can resolve this peacefully. A guy who hacked my stuff that fast is not somebody I want to make an enemy of
     
  3. chris

    chris Administrator
    Administrator

    Joined:
    Jun 10, 2006
    Likes Received:
    1,777
    Let us know how it turns out. That's crazy, even crazier that you're having a dialog with the person responsible.
     
  4. imutter

    imutter Genius
    Gold

    Joined:
    Apr 4, 2011
    Likes Received:
    754
  5. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    Looks like I'm not getting fury back. He wanted $75

    I started a Twitter support request giving them about as much information as I had, but from the way the guy talked, Twitter turns a blind eye to it because they know that people can "claim" they were the person that got hacked so that they can take it over themselves.

    I sent them an email to ask, but it looks like they specialize more in the conventional kind of ID theft like credit card fraud and social security number stuff.

    Ugh. I guess all I can do is get back to work and wait and see what happens with the support teams I contacted.
     
  6. imutter

    imutter Genius
    Gold

    Joined:
    Apr 4, 2011
    Likes Received:
    754
    well apprently it's not called theft until they actually used your info for a crime
    stealing your twitter account I guess is not a crime?
    so you just sit and wait until yoru credit card is compromised ? Even you check your CC report now who is not to say he will use his info in a year or so?
    I hope it was just a punk kid with to much time on his hand. I hope it all get' sorted out
     
  7. imutter

    imutter Genius
    Gold

    Joined:
    Apr 4, 2011
    Likes Received:
    754
  8. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    Not much. Couple hundred followers, a few tweets a month for about 5 years. I never really used it all that much, but it sucks not to have it now. I like that name. (he did too, apparently, which is why he hacked it).

    Plus, where will my weekly WhatPulse auto-tweets go now?!

    He didn't even take the followers with him, he just deleted it and signed up a new one to take the name.

    Looks like he already sold it. http://twitter.com/fury

    Well, what a kick in the ass. I had no idea it was so easy to hack my email accounts. That's pretty scary.
     
  9. TarekElsakka

    TarekElsakka Genius
    Gold

    Joined:
    Nov 14, 2008
    Likes Received:
    414
    That's unfortunate and I am sorry to hear that, mate. I've only had one email address stolen from me, and that was my very first email address way back in late 90s or early 2000s, and I can tell you that it still pisses me off to that day and I have absolutely no idea how it happened.
     
  10. Marianne

    Marianne Zealot
    Moderator

    Joined:
    Jul 16, 2007
    Likes Received:
    29
    That totally sucks. I'm sorry to hear about all of this. I'm really surprised and disappointed that Twitter hasn't been of any help at all in this.

    Have you tried contacting the guy who now has your Twitter account and explaining to him that it was stolen from you? Maybe he'll have a conscience and give it back to you? He has to know that something was up if he bought it from someone - the user name you had was a good one and could not simply have been dormant for this long.

    Do you know how he got into your email accounts? Was it the same way Mat Honan was hacked?
     
  11. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    I haven't tried contacting him yet, don't really know if he's the type of guy that will be receptive to my situation. Considering how fast he bought it, he has to be in that crowd. I've noticed he is conversing with/followed by a few people whose Twitter names were others that Jake stole, probably in a similar way as he stole mine.

    Twitter started by responding to my support requests with form letters (you're not emailing us from the email registered to the account, etc), which is something I expected since it's probably something they get all the time. But they eventually transferred me to the investigation team, who as of yesterday at 11:48am restored the account itself and reassigned it to my email address, which I promptly changed away from my Yahoo email. I am glad to know it was still there, but the account was renamed to "furydennis". I'm not sure whether it was renamed by Jake in the process of taking my name, or by Twitter when they couldn't restore a deleted account to a duplicate name.

    I'm trying to see if they'll give me the name back too.

    It is an alarmingly similar tale to Mat Honan's, in that it somehow all started with my Amazon password getting changed. Amazon is still supposed to be investigating how that happened. I don't know how that got him into my Apple email, because I didn't associate it with the same payment information. The Apple email wasn't even supposed to have any payment information (apparently, it had my PayPal account in there). Unless it was the Yahoo account first, but the timestamps say it was Amazon first, then Apple, then Yahoo. Once he was into my Apple email, it was a cinch to get into my Yahoo email, because the Apple and Yahoo emails were set up as an alternate email for each other in case of forgot password. Big mistake there. I have now unlinked those emails, and removed the payment information from the Apple email account.

    About those supposed security questions...My security questions are always like extra passwords. They're never the "right" answer to the question, because that would be dumb; my friends know my cat's name and my family knows what street I grew up on. So I always enter something bogus. But the security questions didn't mean a thing anyway, as the password reset was successfuly done without touching the security questions.

    Still not a peep from Yahoo support.

    Unfortunately, Apple doesn't seem to see the problem here, and just keeps sending me the same form letter over and over again when I ask them how they plan to stop this from happening: "best practices for protecting the security of your account", a reminder to enter my 3 security questions (I can only enter 1), and how to remove my payment information.

    I admit I have not always employed those best practices. I used to not care about most stuff online (except for banks and email accounts) and would just give low-priority forum accounts and throwaway accounts the same password I always used; wasn't easy to guess but it was easy to enter. But I started following all of those practices over 2 years ago, of my own accord, even before companies like Gawker started getting hacked and emails & passwords posted for all to see. I've had LastPass as my constant companion since then, generating me a nice secure password and keeping track of them all in a way that only I can get to them (unless of course someone guesses which email and master password I use). Now I've set it up to generate them even longer. Not that passwords made a difference in the way that I got hacked. But the fewer open holes I leave, the less likely termites can get in and wreck my house.

    Apparently there is not a way to use two factor authentication with Twitter. I added my phone number but all it does is send me texts when someone follows or mentions me or stuff like that. I can't find a way to tell it "text me when someone tries to change my stuff", only "require personal information to reset your password" which adds the small step of having to know my email address or phone number to issue a password reset (and it still gives the option to reset via email, which is not helping the security of the account at all).

    At least my Yahoo, Gmail, and most other email accounts besides my Apple account can be protected with two-factor authentication. I think I will start using one of my old domain names for important email again, and lock that down as well with two factor authentication.
     
  12. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    OK, so this is getting really maddening. Twitter stopped responding to me on my first ticket (I never got a response after they undeleted my account on the 7th), so I opened a new one last Saturday. It was finally looked at almost a week later, in the wee hours of Friday morning, but they didn't even read the issue, they just sent me a password reset email and called it good. I don't think they understood that I already have my account back, but I want the name back.

    I did get in touch with Mat, but the lead he gave me, on emailing someone at Twitter security, didn't pan out, got no response from them. I don't want to bug Mat about it anymore, he already gave me a lot more attention than Twitter themselves have, and it's really not his problem to fix. I appreciate him trying to help anyway.

    So, I have opened a THIRD ticket, this time an impersonation ticket, as suggested by Leo Laporte when I called him on the radio show today. The auto-response asked for a photocopy of my driver's license, and any proof of my registration of the "pseudonym". I think they mean they want court documents of me registering a d/b/a "fury" or my legal name being "fury", but I'm hoping they'll consider a screenshot of an email from Twitter that shows my Twitter name fury, and a screenshot of the Google cache page while the Google cache still showed my account when you went to look up the cache for twitter.com/fury

    For all the effort I've put into trying to explain it and get them to resolve it, if they don't understand the issue this time, I'm really going to be pissed (as if I haven't been already). I am not sure how much more clear I can try to make it to them. It would be one thing if they would at least know what I'm asking for, and point at some Twitter policy that said they can't reverse name changes even if it was hacked. That would at least mean some closure to my issue and I can just move on. But they're not even doing that, they're just glancing at the category of my support ticket and sending the same form answer that the auto-response sends in the first place.

    It's a free service, so I feel their pain, they're obviously swamped and getting 10,000 tickets per day (going by the difference between my support ticket numbers), but seriously...it's wasting my time, and in turn it's wasting theirs because I have to keep trying.

    The most frustrating part is that this is a service I really liked, and they don't have to care about me whatsoever. For every 1,000 people like me who get hacked and don't get any help, there will be another 1,000,000 rushing to sign up to see the new Justin Bieber tweet of the minute, or tell everybody when they're playing Xbox, or what they're having for lunch.
     
  13. TarekElsakka

    TarekElsakka Genius
    Gold

    Joined:
    Nov 14, 2008
    Likes Received:
    414
    I am sorry to hear that, mate. Have you tried creating another Twitter account with your preferred username in order to preserve it until you get a response from them and cancel/terminate it in order to restore it on your original account? I didn't catch up on all the previous posts so I apologize if you've mentioned that it's been taken or something.
     
  14. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    Yeah, the guy took the Twitter name fury a few minutes after he got access to my Yahoo account, because my Twitter was registered to that email address. I didn't even notice that my Twitter account was gone for about 20 minutes, because I was scrambling to get my Amazon, Apple, and Yahoo accounts back in control...

    Twitter undeleted my account, so all of my tweets, followers, etc., are still there, but they didn't give me the name back--I'm still stuck as the utterly boring & crap sounding "furydennis" that the hacker renamed me to, because he wanted to sell the name fury, and that's what I've been trying to tell Twitter. I've sent them four emails with increasing emphasis on the "I have my account back, thank you for undeleting it, but I want the name back too" and they are so far entirely clueless and unresponsive.
     
  15. TarekElsakka

    TarekElsakka Genius
    Gold

    Joined:
    Nov 14, 2008
    Likes Received:
    414
    Yeah this seems like a pretty bad situation. On one hand, you have every right to get your name back since someone hacked into your account and it was not changed by choice; however, on the other hand, someone may have already created an account with that username and used it as his own private account and they might think it wouldn't be fair to take it away from him as it was available when he registered, you know what I mean?

    One thing that comes to mind is the IP address of the guy who logged onto your account and changed the username. It could very well be the same IP address that created a new account with the username "fury", you know what I mean? I'd try and get in touch with Twitter via phone not emails if that is possible and they might be a little more open and understanding on the phone than on emails. You said it yourself, they probably receive even more than tens of thousands of tickets and emails per day considering the amount of Twitter users and hacking nowadays.

    Best of luck dude and I hope you sort this situation out as soon as possible. I'd hate to get hacked and lose my username for it, especially if it's a nice, short one like "fury".
     
  16. fury

    fury Evangelist
    Gold

    Joined:
    Oct 23, 2007
    Likes Received:
    238
    He didn't sign up to it innocently...if it was innocent, I'd have had a chance to take it back myself. Instead, it was deliberately and purposefully taken, and sold (for $75, or some other kind of trade) to somebody who is in that circle of hackers/name hijackers. I traced them back to a hacker forum where there is actually a marketplace for trading these kinds of things. My name wasn't posted there, but I do see him chatting with other people who are notorious in that they steal twitter names and gamer tags and stuff. The guy who did the job on my account has actually had his personal info, address, full name, parents' names, and age posted on pastebin by people who were sick of him and his friends stealing people's gamer tags. It'd be amusing to watch if I wasn't one of their victims... a hacker war, of sorts.
     
  17. TarekElsakka

    TarekElsakka Genius
    Gold

    Joined:
    Nov 14, 2008
    Likes Received:
    414
    Whatever happened to the good old days when people who had serious problems with each other just slugged it out in the street instead of hacking each other and putting out info online. Haha. :D
     
  18. jmp316

    jmp316 Evangelist
    Gold

    Joined:
    Jul 10, 2008
    Likes Received:
    141
    Just finished reading this entire thread. So I headed over to Twitter and searched for "@fury". FYI, there is a current Twitter handle called "@fury" and he's tweets a lot, mainly about gaming. I'm assuming this is NOT the OP tweeting these. My first thought is that you should report this user to Twitter, it may help your situation if his (or hers) account is suspended first. Hope this helps a bit...
     
  19. jmp316

    jmp316 Evangelist
    Gold

    Joined:
    Jul 10, 2008
    Likes Received:
    141
    Update: Apparently, he is looking to sell this name as well... ImageUploadedByTapatalk1345432963.728791.jpg
    ImageUploadedByTapatalk1345432975.509882.jpg
     
Similar Threads
  1. iphoneshmeyephone
    Replies:
    8
    Views:
    1,144
  2. reginaalear
    Replies:
    12
    Views:
    1,528
  3. uniquexgirl
    Replies:
    4
    Views:
    1,085
  4. Rhon loudermilk
    Replies:
    11
    Views:
    12,051
  5. silvermoon
    Replies:
    10
    Views:
    456
Loading...

Share This Page