Last week I was going to make a tweet, but when i logged into Twitter I saw a message that said my account had been suspended. Due to the nature of Twitter already being a spammers paradise and backed with the knowledge that I don’t spam my followers, I immediately knew that my account had been compromised.
While my account had been suspended and frozen, I could still see my most recent tweet. It was obviously not from me and the person (or bot, more likely) had linked to a spammy affiliate site with some get-rich-quick scheme.
I don’t know how many tweets were sent out from my account, but I think it was actually only the one. There could have been more and Twitter removed them, but I’m guessing it was just the one and then Twitter detected that URL as being a spam link and froze my account.
I contacted Twitter explaining to them the situation, thinking I only had a small chance of getting my account restored since I had contacted Twitter numerous times nearly a year ago trying to get the tylercruz name from an obvious squatter (http://twitter.com/tylercruz) to no luck.
But any small chance I thought I had was crushed when Twitter went down from a DDoS attack a few days later. Just my luck.
However, to my surprise, Twitter did respond about 10 days or so after my initial query and confirmed that it looked like my account had been compromised and restored my account!
So, thanks Twitter! I’m usually pretty pessimistic when it comes to customer support from large social media sites due to the sheer amount of issues they need to deal with, so it was a bit of a surprise.
I’ve had a lot of back luck with my accounts on social media sites. My YouTube account was banned about 2 years ago after a spammer got into it. That really sucked as all my videos were deleted and I didn’t have copies of a lot of them, and all of them were linked and embedded on my blog so I had to re-upload all the ones I did have saved on my computer.
YouTube never replied to any of my queries… which really sucked as it was obvious my account was compromised (I had rarely commented on videos before and only posted normal videos, then out of nowhere my account starts commenting on people’s videos with some insanely crazy spam). They could have compared my history, compared IP’s, etc.
I will admit though that I almost deserved getting my YouTube account hacked. I had chosen an easy-to-guess password so I had it coming.
YouTube, Twitter, now Facebook!?
And then last night I received an e-mail notification from Facebook notifying me that I received a message from a high-school acquaintance who I never talk to. The message read:
Subject: Google Money
Message: Any Porn Involved 😛 …
Just kiddin… you sent me a dead link…… but if I take til off the end of com… I get to hear kevin tell me about how he has a nice car now .. lol…
What are you doing these days… probably got your own big computer company eh 😀
I stared at that for probably 5-minutes, scratching my head. It was really weird because it looked like he mistakenly sent me the message, but then there were too many associations to me.
For example, Kevin is the name of my accountant, and I had just e-mailed him the night before about how my affiliate marketing campaigns were going (he’s interested). So, I thought maybe Kevin knows my friend somehow and told my friend what I was up to… but then that didn’t explain why he said he gets to hear about how Kevin has a nice car…
After more thought, I realized that he was probably referring to one of those spammy get-rich-quick landing pages where a guy is on video in front of his mansion and cars explaining just how easy it is to make money. The title really helped me deduce that. But it was still a very confusing message.
When I went to the Wall of my friend, I saw that I had apparently left a message there. A very bad spammy one telling him to go to a link to show how I make $50 a day using some method.
That really bugged me because I don’t want people thinking I’m whoring myself on their Facebook walls trying to spam them. I went through my other friends and contacts and saw that the spammer had done this on half a dozen others as well, so I had to remove the messages and explain that it wasn’t me.
Fortunately, I hate Facebook and almost never use it. I only have an account there so I can view other people’s photos, etc. when they send me a link, so it could have been much worse if I actually used Facebook and had everybody I know listed as a friend.
The strange thing is, the hacker/spammer/bot didn’t change my password… I found that really odd. Even if it was a bot, you’d still think it would have changed my password and e-mail to lock me out and erasing their spam.
So, I have obviously changed both my Facebook and Twitter passwords now, but am not certain how they were compromised in the first place.
Twitter suggested that it could be the Koobface worm:
“Koobface, an anagram of Facebook ("face" and "book" change order and "koob" is "book" in reverse), is a computer worm that targets the users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers.” (Source: Wikipedia)
Which it may have well been. I’m usually very careful about avoiding virii, but the article goes on to say:
“…they [the victims] are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, they will infect their computer with Koobface.”
…and I can see myself falling for that. That’s actually a pretty good technique if you ask me
However, I updated my free AdAware anti-spyware/virus software and ran a scan but it came up empty so I’m really not sure what happened.
Anyhow, while it sucked to lose control of my Twitter account and have my Facebook account send spam from my account, I wasn’t all that stressed about it since I’m really not a big user of social networking sites.
Now, if it were my PayPal, bank, server, or e-mail accounts I’d be real pissed!