I haven't tried contacting him yet, don't really know if he's the type of guy that will be receptive to my situation. Considering how fast he bought it, he has to be in that crowd. I've noticed he is conversing with/followed by a few people whose Twitter names were others that Jake stole, probably in a similar way as he stole mine.
Twitter started by responding to my support requests with form letters (you're not emailing us from the email registered to the account, etc), which is something I expected since it's probably something they get all the time. But they eventually transferred me to the investigation team, who as of yesterday at 11:48am restored the account itself and reassigned it to my email address, which I promptly changed away from my Yahoo email. I am glad to know it was still there, but the account was renamed to "furydennis". I'm not sure whether it was renamed by Jake in the process of taking my name, or by Twitter when they couldn't restore a deleted account to a duplicate name.
I'm trying to see if they'll give me the name back too.
It is an alarmingly similar tale to Mat Honan's, in that it somehow all started with my Amazon password getting changed. Amazon is still supposed to be investigating how that happened. I don't know how that got him into my Apple email, because I didn't associate it with the same payment information. The Apple email wasn't even supposed to have any payment information (apparently, it had my PayPal account in there). Unless it was the Yahoo account first, but the timestamps say it was Amazon first, then Apple, then Yahoo. Once he was into my Apple email, it was a cinch to get into my Yahoo email, because the Apple and Yahoo emails were set up as an alternate email for each other in case of forgot password. Big mistake there. I have now unlinked those emails, and removed the payment information from the Apple email account.
About those supposed security questions...My security questions are always like extra passwords. They're never the "right" answer to the question, because that would be dumb; my friends know my cat's name and my family knows what street I grew up on. So I always enter something bogus. But the security questions didn't mean a thing anyway, as the password reset was successfuly done without touching the security questions.
Still not a peep from Yahoo support.
Unfortunately, Apple doesn't seem to see the problem here, and just keeps sending me the same form letter over and over again when I ask them how they plan to stop this from happening:
"best practices for protecting the security of your account", a reminder to enter my 3 security questions (I can only enter 1), and how to remove my payment information.
I admit I have not always employed those best practices. I used to not care about most stuff online (except for banks and email accounts) and would just give low-priority forum accounts and throwaway accounts the same password I always used; wasn't easy to guess but it was easy to enter. But I started following all of those practices over 2 years ago, of my own accord, even before companies like Gawker started getting hacked and emails & passwords posted for all to see. I've had LastPass as my constant companion since then, generating me a nice secure password and keeping track of them all in a way that only I can get to them (unless of course someone guesses which email and master password I use). Now I've set it up to generate them even longer. Not that passwords made a difference in the way that I got hacked. But the fewer open holes I leave, the less likely termites can get in and wreck my house.
Apparently there is not a way to use two factor authentication with Twitter. I added my phone number but all it does is send me texts when someone follows or mentions me or stuff like that. I can't find a way to tell it "text me when someone tries to change my stuff", only "require personal information to reset your password" which adds the small step of having to know my email address or phone number to issue a password reset (and it still gives the option to reset via email, which is not helping the security of the account at all).
At least my Yahoo, Gmail, and most other email accounts besides my Apple account can be protected with two-factor authentication. I think I will start using one of my old domain names for important email again, and lock that down as well with two factor authentication.
