How complaining on Twitter exposed me to hackers

Twitter is still my number one social-media hotspot to get quick headlines and stay up-to-date with what my friends are eating on a daily basis, but it also almost jeopardize my online identity. I would love to save that is was mostly Twitter’s fault but it wasn’t, it was mine.

I try not to complain on Twitter or to scream publicly about companies that have spurned me, I know it’s a popular thing to do especially with airlines, but I try to keep my negativity to a minimum on social media. This time around I wasn’t actually complaining in the traditional sense, I was just making a joke.

After years of constant use my MacBook Pro battery had finally stop charging, and that meant I would have to go to the Apple Store to get it replaced. On Wednesday morning before work I stop by the Apple Store and dropped off my MacBook and headed into the office; but not before I hit up Twitter during my walk-in.

I made a quick joke about how nervous I was talking to the “Genius Bar” at the Apple store in SoHo. Inside my 130 character joke were some very important keywords, and that’s how I got in the predicament that happened next.

In my tweet were the words “Apple,” Store,” and “Genius Bar.” Three words that don’t really mean anything until you group them together on Twitter. Using those words on Twitter must have pinged a robot used by hackers to scan Tweets about the Apple store,. Doing so the robot picked up the combination of words and knew that I just gone to the Apple Store with a problem.

About 3 PM that same day I got a call from Apple saying that my MacBook Pro was completed and at 7 PM that night I got an e-mail from Apple asking if everything was okay with my visit and to reinstate my Apple ID for security.

As a tech-editor I get e-mails constantly, and since my work email is public, I also get phishing scams by the dozens. I consider myself to be very conscientious about phishing scams. This is by far the best phishing scan/spam  e-mail delivery that I have ever seen in my life.

Nothing was left out,  of it it came from an Apple e-mail address (most likely cloaked) it had the day of my visit, it had the store that I went to, it had my name and of course it had my e-mail address. There was just one thing they didn’t plan on.

My work E-mail is what I use for Twitter but that isn’t the e-mail address that I use for my Apple ID. For the majority of people that use Apple ID the trick would’ve work, and it was because they emailed my Twitter email address, that I began to backtrack the events and see what had happened.

Using the location setting on my Twitter account, they were able to tell which apple store I had gone to, pick up my e-mail address for my Twitter account, and of course they knew my name, that I went to Apple  and other basic information.

It was a pretty ingenious move,  one that I hadn’t heard used before, and one that I wanted to share before anything bad happened to anyone else.

People like to complain on Twitter for the same reasons I think. The main reason I feel is to publicly shame the company that is annoying you in an attempt to get better customer service, other times I think it is just to vent outward frustration, or to warn friends and followers.

We’ve seen major corporations assign people to Twitter all day just to handle any messages that contain poor customer-satisfaction, and now hackers are using the same trick to get into your account.

In any case, hacking is becoming more and more prevalent. On top of that, we as consumers are logging on to more and more accounts everyday. There’re so many ways to stay safe online, from using a third-party password manager that can create unique passwords for each site (like Lastpass) or enabling two-factor authorization from Google or Microsoft whenever it’s available for third or first-party apps.

Recently Symantec offered these tips for everyone online following the recently reported breach of email addresses and online IDs through a Russian hacker network:

  1. Pay special attention to your email credentials: A lot of users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site and the recovery link is sent to your email account. In addition, avoid opening emails from unknown senders and clicking on suspicious email attachments; exercise caution when clicking on enticing links sent through email, instant messages, or posted on social networks; and do not share confidential information when replying to an email.
  2. Change passwords on important sites: It’s a good idea to immediately change passwords for sites that hold a lot of personal information, financial details, and other private data. Cyber criminals who have your credentials could try to use them to access more information on these accounts. This is particularly true if you have used the same password on multiple sites. Attackers will often try to use stolen credentials on multiple sites.
  3. Create stronger passwords: When changing your password, make sure that your new password is a minimum of eight characters long, and that it doesn’t contain your real name, username, or any other personally identifying information. The best passwords include a combination of uppercase and lowercase letters, numbers, and special characters.
  4. Don’t re-use passwords: Once a hacker has your account information and credentials, they’ll try to use it to gain access to all your accounts. This is why it’s important to create a unique password for each account. If you vary your passwords across multiple logins, they won’t be able to access other sites with the same information.
  5. Enable two-factor authentication: Many websites now offer two-factor (or two-step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device via text message or a token generator to login to the site. This may add complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.

I haven’t heard this particular warning go out and past, not to complain on Twitter that is, because I found the connection I wanted to share with our readers. If you also have a horror story involving getting hacked from different social media sites or phishing scams I would love to hear about them, and you can contact me about that attempt above.

Related Posts