Now this is pretty weird: I just got blocked by Twitter for a tweet that I did not make:
What is interesting is that the account was blocked within seconds of the tweet being posted, it has 8:44 as the timestamp and at 8:47 or so I noticed that my account was blocked. No indication that my account was compromised, but clearly this was a targeted attack to get a so obviously ‘bad’ tweet associated with my account and to report it immediately.
Now, I have been pretty vocal in my support for Ukraine in the last couple of weeks and I suspect that this has been noticed in enough places that someone felt the need to silence me. In a way it’s logical that action begets reaction but Twitter is behaving wholly irresponsible here: there is absolutely no way that if my account was compromised that they could not have noticed this prior to issuing the block, and as far as I can see my account is still there, which means that either someone social engineered Twitter into changing the password, then immediately turned around to compromise then get my account blocked or that Twitter has much larger problems in not being able to detect attempts at account compromise.
Which is pretty bloody annoying because after more than a decade on Twitter you’d expect them to be a little bit more careful about their blocks. This is extremely sloppy and I’m not sure if they re-instate the account that I still want to be part of it (mission accomplished for the hackers I guess), but after trying - and failing - to get my account to ‘verified’ status which would at least give some protection against this kind of trickery it would have been nice to see them at least be careful with handing out blocks like these, especially if it is this easy to weaponize the Twitter reporting function. False flag attacks or ‘joe jobs’ are a thing and Twitter should be very much aware of this by now, it’s not like they started out yesterday.
Unfortunately, since my account is now blocked I can’t make noise about this on Twitter, which is probably the only place where making such noise would be effective.
What really pisses me off is that this is fairly obviously not my fault or even my problem but Twitter believes that I should delete the Tweet (which I didn’t make in the first place) or give them my phone number to start the countdown until my account becomes active again, which is really none of their business. If I wanted Twitter to have my phone number I would have done so long ago but I really don’t see why giving them more information about me is wise. To use their broken abuse mechanisms to gain more information about the users that they allow to be targeted is adding insult to injury.
If you’re on Twitter I’d be much obliged if you tweeted this link.
Edit: there is some confusion as to why I don’t delete the Tweet since I have that option: I did not write that tweet, deleting it is going to delete the bit of data that proves that this happened and quite possibly deletes the associated data than can shed light on how it was done. First rule of forensics: don’t change anything. Because even though to you this may not be a ‘big deal’ it is a big deal to me: someone is apparently able to impersonate me on a platform using highly inappropriate language making me look bad in the eyes of thousands of followers. And that’s a lot of potential damage, likely people will unfollow en masse and some might take it serious enough to act. This being a targeted attack I think that the value of the damage to my account is outweighed by the value of the forensics assuming that Twitter is able to figure this all out in the first place. It certainly is worrisome, a lot of very powerful people use Twitter and I generally assume that what is written under their accounts really is written by them. Time to revisit that assumption, apparently.