
RESOLVED: hacking twitter does not violate their terms of service

UPDATE:  twitter responded a few moments ago with this notice:



@dino has resolved this issue for me

much thanks to @dino for this response!





ORIGINAL POST:

at least, that’s what i’ve been told by @dino at twitter.

so, let me lay this out:  in 2007, i signed up for twitter using the handle @mock.  i used a simple password, not one complex, because i wasn’t sure if this twitter thing would take off.  i should have changed it long ago, but i didn’t and that was my fault.

a week ago monday, i noticed i had been receiving twitter email digests and wanted to turn them off.  when i tried to log into twitter as @mock, i couldn’t.  after a few times of failure, i requested a password change email.  it never came.  on closer examination, i noticed finally that my username was changed from @mock to @mockockocklol.  what?!  i felt anxiety starting to load as the realization of what had happened unfolded.  when i tried logging in with that modified username, i was able to get in with my original password.



notice the username had been changed to @mockockocklol

after more investigation, i found that some skiddie named cody (@pump) had used tools from @z_o_m_b_ii_e to acquire certain twitter accounts by logging in, changing the usernames, and then immediately signing up with those now freed usernames, in effect, stealing identities.  from the tweets on those accounts, you can see there was an attempt to hack twitter accounts and acquire them for whatever purpose.



hacked @mock account (with a few taunts)



@z_o_m_b_ii_e's twitter account which links to his site for exploits



cody's @pump account (which might not be his originally), references hacking twitter accounts

i was quite the mad.  and helpless.  i appealed to twitter @support for help.  they suggested i open a ticket about it.  i opened two or three.  one finally did catch their attention.  the initial response was the same plastered all over their support pages:  request a password change and change it to something really good.  i replied and told him i had already done that and explained in detail again what my real problem was.  he replied back telling me the ticket was being routed to the “appropriate team.”

shortly after, i got the first email from @dino.  he informed me he initiated a password change request email for me and suggested i change my password.  again, i replied telling him that was not my problem.  i explained in detail again and offered (again) to provide proof that i’ve owned the account since 2007, and that i didn’t change my username.  he reviewed the new @mock account and found it “to be a legitimate account that claimed the username in the normal process of creating their Twitter account.”  he also informed me that they “don’t reclaim usernames from active accounts that aren’t in violation of our rules or Terms of Service.”



i replied and told him that i didn’t change my @mock username, it was done by another, and asked if there was any way i could prove that i owned the account that would matter in this case.  i have yet to hear back from him, but as you can see it sounds like i won’t.

a few common sense points:


  • why would i change my username from something like @mock, which is how i “brand” all other instances of my virtual (and real-world) presence, to something lame like @mockockocklol?

  • if you examined the accounts and tweets from the several involved in this, directly or indirectly, you can see they intend to hack these accounts.

  • if there was some exploit involved, you’d think twitter would want to plug that hole and deal with those involved.

and now to piece the logic together:  dude finds a way to get into my account through some exploit, renames my username to something bogus, then immediately registers that name in order to steal it, and this does not violate their terms of service.

it seems that the balance falls in favor of the hackers.

i currently work for a media company.  i told some of the online producers about this case and rachel wise drafted this blog about it.  i do admit to having a lame password.  this situation has been a valuable lesson for me.  and in truth, i, of all people, should have known better.  and that’s shame on me.  that won’t happen again.

one other note i need to make:  i have another twitter account (@1mock) i set up in case twitter didn’t handle this as i had hoped.  when i tried to change username, i ended up changing the @mockockocklol username to @m0ck_ instead.  i wanted to leave everything as it was until the official investigation by twitter was concluded, but i goofed.  this still shouldn’t change the situation.
