Hacks For When You Get Hacked
Locked out of your social media account... Now what?
It’s unfortunate, but it can happen to anyone. Hackers will seemingly come out of the blue, although at any moment they could be targeting anyone from the most influential companies in the world all the way down to your personal account. You may think, ‘Why me?’ But for whatever reason, you were targeted and now you have to act - and act quickly - to recover your account. As social media managers, we often focus our energy on protecting our clients, but in this case, life threw me a curveball. Our company Twitter account @Connect2_Comm was breached on the morning of 4/19.
Here’s what we did to gain it back. It took 6.5 days.
If you have security alerts on, and I highly recommend you do, then the second you receive an email from the social media platform saying your account has been accessed from an unfamiliar location, try to log in. If you can’t, then you want to request a password reset. If you’re lucky, your email address is still attached to the account. We weren’t so lucky.
On 4/19 Twitter emailed us a notification of the new login at 5:48:35 AM ET and the email change at 5:49:18 AM ET.
The hackers had changed our password and recovery email address. The first thing I did was immediately file a claim with Twitter Support under my company email address.
And then we just sat around and waited. No, I’m kidding. Do not do that.
While our business account was hacked, I still had my own Twitter to leverage. I used it to tweet at @TwitterSupport and to file a direct report on the Connect2 Twitter Page in hopes of getting the account suspended and placed under review until the matter was solved. While I can’t tell you if this initial effort did much, my efforts heavily increased just a few days later on 4/24 when our company account started retweeting spam content at around 3 PM ET.
Immediately upon seeing this activity, I leveraged my followers and my friends by tweeting and posting calls to action on my Instagram story asking others to report the account. By this point, I had multiple people reporting the Connect2 Twitter account throughout the evening of 4/24.
I received an email from Twitter Support the same evening at 5:55 PM ET.
Mine was not the original email on the Twitter account, so Twitter needed me to answer a few questions. I did, and in the morning, I received a follow-up email with more questions. Twitter ultimately decided to change the Twitter email to my email address within 20 minutes of our final correspondence the morning of 4/25.
Once I was in, I changed the password, removed every tweet that we did not authorize, and issued the below statement.
What has this taught us?
Support response times aren’t guaranteed. Some people have reported 24-hour turnarounds, some never get responded to. The best advice I can give from here is prevention. I know that I’ve at least been taught “internet safety” for the entirety of my life having grown up with social media, but we don’t always do what we’re supposed to do, especially when it comes to our business accounts or the accounts of our clients.
And you may be wondering: how do hackers even get our passwords?
Unfortunately, there are quite a few ways. Hackers can simply guess your password using automated tools that try common word-and-number combinations, which is what makes a password weak. This is most likely what occurred in our case.
Another common way is through phishing. Say you get an email from “Twitter” asking you to log in to your Twitter account. Look first to see whether the email even came from Twitter.com. The webpage they lead you to may look like Twitter, but the URL won’t. Hackers use this method to get you to think you’re “logging in,” but instead they’ll use that scam to steal your information. They can also get your info through malware. If a hacker gets into your computer, they can record your keystrokes as you log in to several websites. And if there’s a data breach at any of the platforms you log in to, hackers can find all the information they need. Scary, I know. But it’s real. And there are some ways to prepare yourself.
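For anyone who wants to automate the "does this URL really belong to Twitter?" check described above, here is an added example in Python (not part of the original post). The trusted-domain list and the sample links are assumptions constructed for illustration, and the function only reads the link text without visiting it.

```python
from urllib.parse import urlsplit

# Assumption: the only domain the real service uses for its login page.
TRUSTED_DOMAINS = frozenset({"twitter.com"})

def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for a link taken from a 'please log in' email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if parts.scheme != "https":
        return "suspicious", "not an https link"
    if not host:
        return "suspicious", "no hostname"
    if parts.username is not None:
        # Anything before '@' is ignored by the browser; the host comes after it.
        return "suspicious", f"text before '@' is a decoy; real host is {host}"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return "suspicious", "look-alike (non-ASCII or punycode) characters in host"
    for domain in trusted:
        # Exact match or a true subdomain; the leading dot is what stops a
        # name that merely ends in the same letters from passing.
        if host == domain or host.endswith("." + domain):
            return "ok", f"host belongs to {domain}"
    return "suspicious", f"{host} is not a trusted domain"

# Constructed sample links (reserved example.net names; nothing is fetched).
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/login",
    "https://twitter.com.account-check.example.net/login",
    "https://twitter.com@login.example.net/",
    "https://tw\u0456tter.com/login",  # Cyrillic letter in place of 'i'
    "http://twitter.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = classify_link(link)
        print(f"{verdict:10} {link!r}  ({reason})")
```

The point to take away is that the real destination is the end of the hostname, read right to left, not whatever familiar name appears somewhere in the link.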
What you can and should do today:
Turn security alerts ON so you’re notified of login attempts, data breaches, etc.
Make your password something much stronger than “password,” and use different passwords across platforms.
Turn on Two-Factor Authentication.
Two-factor authentication, or 2FA, helps strengthen the security of your account by requiring two methods to verify that you are who you say you are. Whenever you or a hacker attempts to log in to your account with the correct email address and password, you’ll get notified of that attempt on your personal device and can choose to allow or deny. If you are the primary account holder of a business account, you can still have employees access the account, but they will need to notify you ahead of time to accept their login attempt. Complicated? Maybe. But the truth is, without taking these precautions, you open yourself or your client up to a much greater risk.
The prevention tools are widely available on social media platforms because hacking happens frequently. As a social media manager, you should ensure your clients understand the risks and what they can do to prevent them. Even if you can’t control your clients’ social media passwords, you can suggest these tips to help them strengthen their security.
Have you experienced a social media hack recently? Let us know what steps you took to recover your account.