Back
Post
Does anyone know someone at X support?
My X account is from march 2007. I am Premium+, have ID verification, and also 2FA.
With all this, my X account still managed to get hacked on what I think must be late Saturday night/early Sunday morning UTC+8. I woke up Sunday morning to being logged out, and some rando launching some crypto scam coin. They also hacked another account to coordinate this nonsense.Â
Anyway, I have written emails to X, I have filled up the form, but there is no progress and I have been without an X account for nearly 2 days.
If anyone has ways to help, or even socially amplify it - such that X would listen - and support me - I would be most grateful.
I'm @bytebot and here's a fellow friend who posted about it https://x.com/yongfook/status/1928975927221874974
With all this, my X account still managed to get hacked on what I think must be late Saturday night/early Sunday morning UTC+8. I woke up Sunday morning to being logged out, and some rando launching some crypto scam coin. They also hacked another account to coordinate this nonsense.Â
Anyway, I have written emails to X, I have filled up the form, but there is no progress and I have been without an X account for nearly 2 days.
If anyone has ways to help, or even socially amplify it - such that X would listen - and support me - I would be most grateful.
I'm @bytebot and here's a fellow friend who posted about it https://x.com/yongfook/status/1928975927221874974
đź‘‹ Join WIP to participate
Unfortunately, I'm pretty sure there's no zero in-person support there anymore after the Trust & Safety team and customer service team were completely gutted.
I guarantee you ~one~ social boost post by @levelsio will get someone's attention, though.
I’m really hoping he steps up - because I subscribe to him on X - but can’t dm him there now lol
Can you DM here using WIP's internal messaging feature?
I doubt he'd see my tweet, but if you want, I can scream into the void and tag him to try to get his attention.
That sucks man!
They don’t want to give me my account back
Did whoever hack your account change the email and phone in the settings?
Yup. First thing they probably did.
How did you even get hacked?
I’d love to know this too. Esp with 2FA. I’m told you have corrupt X employees resetting the account or an old connected app? Seems it’s more common than we think x.com/ardaerturk/status/19125…
did you recently click a link that would tell you to “sign in” with twitter? they scam lots of people like that
nope. i havent used it for logging into anything lately. i have oauth many apps (i mean, 2007 account), so i have a huge vector probably of deadish apps that one could take over
But third party apps with OAuth access can't sign into X website/apps to change your password/email, right?
I should think so. But it’s possible to also socially engineer X from what I gather. I have a theory. Let’s see
yeah i would not use 2fa, sounds like that's how it got hacked. Just use a pasword manager with a complicated password and you wont get hacked.
ok - so i have an update - it took a lot of getting people to try to help, but in the end - i managed via getting an swe contact and a public policy contact. you can ask x to reset 2fa - its not hard apparently - help.x.com/en/forms/account-a…
you can also social engineer things.
i wrote about my experience here: farcaster.xyz/bytebot/0x643cb…
So the hypothesis is that the attacker reset 2fa and then reset your password? (I wasn't sure you were saying they let you, or possibly that they let the attacker reset it)
yup - they let the attacker do it. all you need is the email address and/or phone number. if this information is already public - well, you're hosed @hboon
you should see the email i got when it was time to ask for a reset - maybe you just need to be convincing. aka social engineering
Wow
Ok so they reset your 2fa to a new phone number and got access that way?
They still need to enter your password though to even get access to 2fa?
you can after resetting 2fa at the same time reset password. all you need is the email address and/or phone number. take a look at this @bdlowery - 2fa - help.x.com/en/forms/account-a… - then help.x.com/en/forms/account-a…
this is btw happening a lot on X. eightsleep, a partner at a16z, etc. - a lot are getting hacked to launch silly scam coins - this is the hype du jour - x.com/launchcoin/with_replies
they even got the two time ex-malaysian prime minister during the pumpfun era of a few months ago
ok so basically having 2fa makes your account weaker? and It's better to just use a password manager with a strong password
i just cannot imagine how not having 2fa makes sense - we also get recovery codes and that should be used - but you can social engineer your way. strong password also can be reset if they know your email and/or phone number. its just - a shit show @bdlowery