Skip to main content

My Twitter tech-support nightmare (again)

Twitter PWA
Twitter PWA (Image credit: Windows Central)

Update October 30, 2020 — Twitter still has a security problem

Perhaps it is of little surprise that this has happened again. On Wednesday, October 28th, my Twitter 2FA was suddenly disabled out of nowhere, which followed the removal of my recovery email address and phone number from my account, meaning I cannot perform a password reset. A similar incident happened two days earlier, but the attack did not remove my email in time, so I was able to stop it.

The method by which my account gets attacked is similar to the famous July Bitcoin attack that hit many high-profile Twitter accounts. Indeed, the first time I lost access to my account, it was like a dry run that predated that July hack. No one is brute-forcing a hack on my account or doing a SIM-hijack, but instead, it seems they have access to Twitter's internal backend tools for account management. There is no other way my 2FA can be disabled, with my account details suddenly removed.

And, as expected, Twitter Support has been non-existent. Moreover, even if my account is recovered (in what could be weeks of waiting), the company is unlikely to tell me why or how this happened or what they will do to prevent it in the future.

See more

If my account cannot be secured, then there is no security on Twitter. It does not matter if I use a non-SIM-based phone number, randomized email addresses, and physical 2FA keys when someone can simply break my account using Twitter's account management tools. And that's creepy and disturbing.

Twitter is one of the more fascinating social networks, especially for news, discussion, cat memes, and Tik-Tok reposts. But Twitter (like Facebook) has also had a rough few years over concerns of moderation and targeted harassment.

Right now, I don't care about that stuff. I want to talk about Twitter support, which is effectively non-existent. This rant is also a bit of an FYI.

If you follow me on Twitter (@daniel_rubino), you probably notice I'm very responsive to questions, engaging in tech conversation, and even just helping people with Windows questions. It's one of my favorite ways to connect with the Windows Central audience as it makes me better at my job. It's also how I stay in contact with colleagues and even the tech companies I cover.

Love it or hate it, Twitter is a vital part of my job description.

Twitter lock-out

Source: Windows Central (Image credit: Source: Windows Central)

Just over a week ago, however, my account was suddenly locked for "security concerns." It is not banned or suspended. Considering I had made no changes to my account and had been using it just a few hours earlier, this was disconcerting.

Was I hacked? I don't know. The process to resolve the dilemma, however, is a familiar one with Twitter telling me I need to change my password. Fair enough. But that's when things got weird.

Entering in my username to trigger a password reset brings me back to the Twitter help page. That's it. No password reset engaged. If I enter my phone number, it then asks for an email, which it suddenly can't find. And if I punch in my email, the same thing – no account is associated with that address (and I have since tried all my other emails).

Mind you, I did not change my email or phone number, and yes, I use two-factor authentication (2FA, app) to verify new logins.

The solution here should be obvious: contact Twitter support. What could go wrong? At the very least, I'd be off Twitter for a day or two – that's fine. So, I did, and an automated reply followed, which explained how to reset my password. If that still did not work, I could email them: "If you've tried the above steps and still need help, please reply to this email and we'll do our best to assist you." So I did with all the requested information.

It has been over a week now and not a single email response from Twitter (I checked my spam folder, thanks). I have even flagged the issue with employees at Twitter who said they could try to "escalate" my ticket. Still nothing, just radio silence.

Source: Windows Central (Image credit: Source: Windows Central)

While I usually do not tell other companies how to run their business, all of this seems ridiculous to me in 2020. When I was once locked out of my Nintendo account due to losing my 2FA app, a simple five-minute phone call fixed the problem. Of course, that's why people love Nintendo.

All of this is a roundabout way of saying two things:

  1. If I do not respond to you on Twitter or I am not posting anything – this is why (nor am I sick with COVID, thankfully).
  2. Twitter support is abysmal.

Perhaps the more significant point here (and I swear this is not humblebragging), is that I have a Twitter Verified account with over 62,000 followers. The idea that "blue checks" get extra privilege suddenly seems misplaced. I can't even get a human to respond to me. That also means that non-verified accounts are just as likely (if not more) to be ignored.

I can only imagine if my Twitter account was taken over by a hacker - what would happen then? It reminds me of ZDNet's Matthew Miller, who suffered a devastating SIM-swap attack on his Twitter.

Anyway, the good news is I feel my productivity has increased, but I do miss all of you on Twitter. Maybe someday I'll be back. Twitter, you can always email me at daniel@windowscentral.com if you want to sort this mess. (And if you think I am only writing this article to get Twitter's attention, you are correct.)

Have you experienced your social network account being hacked, or have been locked out of your Microsoft account? Let me know and what you did to fix it.

Daniel Rubino
Executive Editor

Daniel Rubino is the Executive Editor of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft here since 2007, back when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, Microsoft Surface, laptops, next-gen computing, and arguing with people on the internet.

50 Comments
  • Parler, free speech, liberal or conservative.
  • I'd prefer a platform with less focus on politics, rather than more. Parler: “It’s basically a conservative echo chamber for senior citizens who confuse ‘having reprehensible opinions that nobody wants to hear about’ with ‘getting shadowbanned.’”
  • Really depends on how you use it (like Twitter). I unfollowed all the politics (including the users) and really just follow all the tech people, including web design, SEO and IT people like myself. @Daniel_Rubino is notably absent in my feed 😅
  • Same happened to Gab
  • I just signed up and I love it. And I really don't see too much of political discussion since I don't post or follow those. Parler > Twitter right now imo
  • I still don't understand the point of Twitter. I'm not interested in people's lives enough for a one sentence summary of what's going on and I don't expect them to be that interested in mine.
  • I think that's absolutely true for most who are not a celebrity, journalist, public figure, etc. Many of my non-work friends don't use Twitter, or, if they do, they use it to keep up on news, politics, and technology. In that sense, it's like an interactive RSS feed, which is neat. For me, it's very different. It's a way to spread information/reviews/articles/editorials we write, and a way for people to directly ask me questions about it, start a conversation, etc. But there is a lot of insider baseball. I spend a lot of time answering people's questions about Windows, laptops, phones, general tech, etc. It also lets me follow and engage with my colleagues.
  • Exactly, I've noticed that most people bashing social networks FB, Twitter etc are just people who have no clue how to use them to their advantage... Now a days I could almost do without email and a browser for almost everything... Of course I'm exaggerating... But not that much...
  • Interesting, you sound a little bit square-minded
  • Yours is exactly the kind of reply that's to be expected in Twitter.
  • I'm only on there if some service goes down and need updates. Other than that Twitter is completely useless.
  • Or you don't know how to use the tool maybe? 🤭
  • "I still don't understand the point of Twitter. I've tried to be interested in both Twitter, and Pinterest for that matter, to no avail. Try as I may I just can't get into them. But there are many that do.
  • Twitter grew it's character limit to please Trump. What more about Twatter do you need to know?
  • pretty sure 99.9% of twitter users wanted more characters too
  • Does their app crash as much as this one?
  • Their "support" account is also useless. Tried to get their attention about issues I was seeing in the app a few times only to get no acknowledgement whatsoever. Also, the 3.1.22 update for the Windows Central Android app is crashing at startup on my Pixel 3. This is also affecting the same update for the Android Central app.
  • Interesting, I know 3.1.23 just went out in the beta via Play Store and seems fine on my Z Flip. Will keep an eye on it.
  • Just got 3.1.23 and it's working fine. Now to wait for the Android Central app's update.
  • Twitter started out having an SMS interface. They may have shut that down, but I wonder if that endpoint is still out there and might be able to help you.
  • Unfortunately, I don't believe so.
  • I had a similar experience with Facebook. I was in a loop where it wanted me to verify login with a previous logged in browser session. however the computer was no longer available and therefore the only option FB gave was to reset password which brought me back to the same verification request. This was on an acct with 2FA which it never gave as an option. after several weeks with no response from FB support, I luckily had a friend who was an employee that escalated it as an empoyee friend and family support request and it got resolved.
  • "luckily had a friend who was an employee that escalated it as an empoyee friend and family support request and it got resolved."
    Bizarrely, this seems like the "easiest" (and only) way of solving these issues, which is nuts.
  • I've lost my two gmail accounts. Google server neither accepted my recovery mail nor my contact number while using 'Forgot password'. Unlike Twitter and Fb, there's no way to inform them, talk with them.
  • That blows my mind. Like Google can't hire just one tech support guy to handle that.
  • I too had some weird trouble with my Google account, could not find a way to contact anyone. We live in the age of corporations that are actively hostile to their own customers / users.
  • Same thing happened to me this year. Stuck in a loop of password reset emails and no way of getting in touch with a real person. Mine went on for weeks. I spammed and spammed the support email addresses and was finally sent a link that worked in resetting the password. Totally insane and massively frustrating.
  • Good lord. At least you gave me some embers of hope though...
  • I'm not sure what's worse... Twitter support not answering or the sh*tshow that is Nintendo of Europe's support.
    They answer you (really late) but they don't solve anything. Actually, they don't even exactly know what they're doing. They likely hired some cheap labour to take care of their technical support, like so many companies do. Including Twitter apparently.
  • Yeah, Nintendo US support I should say is good, but I could see how them outsourcing in other regions could be different. That's unfortunate.
  • Oh my. This is my true fear. Twitter should be better, they're not a small startup. I hope you get it sorted really soon.
  • Thanks. See my explanation above. Basically, you get the service you pay for, which is the problem with having things "free" on the internet.
  • Dan, you must have forwarded the new York post report on Hunter. That is why you are getting this treatment.
  • Nah, account is not flagged or suspended, it's locked for security concerns. My 2fa being disabled without my consent is the issue.
  • Just wait until after the election. Then you will be able to again.
  • It's almost as if they think Dan is a conservative.
  • To be fair, I'm not being censored here ;) None of my tweets have ever been flagged, nor is my account suspended - it's just 'locked for security reasons' and I am unable to reset my password due to my phone number and email being removed from the system.
  • You are missing the point. Twitter is allocating most of its resources to content moderation. Instead of just letting people "talk", Twitter wants to get into the politics of your speech. Thus, when one side of the aisle gets upset, Twitter must spend more resources making sure they have a plausible argument that they are making reasonable decisions. They don't have time to help you with your problem. When the CEO is having to testify to Congress, you can assume that a lot of resources are being used to prepare his testimony.
  • I mostly use it to get support from other companies, which often offer better and faster support on twitter than on other channels - without annoying phone bots and low quality pop music. Somehow ironic that twitters support on twitter is also bad.
  • This and FB are two great way to get support at least for me it has always been faster than emailing and more efficient than people in call centers.
  • "Somehow ironic that twitters support on twitter is also bad."
    My hunch here is Twitter, like many other social networks, is only valued because of the size of its customer base, which is attractive to advertisers. But without direct influx of cash from users there is little incentive (or capital) to spend on hiring human customer support centers, which are expensive. This is the problem with making everything "free" on the internet. You get the service you pay for.
  • Same happened with my friends MS account. He setup 2FA and isn't able to login because he forgot the password. Now whenever he goes into recovery he is asked to verify identity which is obvious. There are two recovery info he has. 1. Email 2. Phone number. Email works fine he gets the code but MS want to verify again using phone number and phone number it is showing is the same he has wrorking fine. Now phone number code is not working at all. It just says "some problem occurred try again later". MS makes you enter the last 4 digits of phone number to verify. If you enter the last 4 digits correctly it says the error and if you enter those 4 digits wrong it goes to next step and says "if the last 4 digits matched correctly we have sent you the code" This whole process has been so frustating TBH. There is some bug in the backend and they are not ablel to solve it all. He can't access his emails now. MS support is non-existent regarding this. They keep saying you have enabled 2FA we can't help you. OK but why the hell recovery system isn't working like it is supposed to. Now I have realised that these things can break anytime and you can't do anything about it. There would be no support provided to you just 'cause statistically you are the 0.00001% of their entire user base they don't care about it.
  • Yikes. I'm not sure what's worse - a company that has lax 2FA security so that anyone with the tools can just remove it, or a company where their hands are tied and can't assist. The system, even with 2FA, is maddening. Really, this is much better argument for why bio authentication should be the standard here. Harder to fake your 3D face or a fingerprint, and you unlikely to ever lose them.
  • I'm sorry you have this kind of problems with Twitter support. That's not how it should be.
    But this happens at lots of platforms including windows central. A week ago I send a complaint about the app. Never received any feedback
  • Sorry about the app - part of the growing bureaucracy in running an increasingly large site that is now part of a much larger company (Future, PLC). That's something I'll try to work on, I appreciate the feedback.
  • I here there is an alternative. Parler?
  • Not interested right now as no one I know/follow/engage with uses it.
  • Twitter is dedicating all its resources to content moderation. They want to make sure only the proper information is sent using Twitter.
  • As any Security Analyst will tell you: 80% of "network hacks" are inside jobs, not the work of external attackers. Low pay, poor vetting, lax supervision, and way too many unqualified "contractors" jammed into a position just to fill the quota demanded by the upper management leads to serious security issues internally. Not to mention poor or in some cases, nonexistent security and change controls on who has the ability to do what.
    The cost pressure on the low-level managers is intense so they respond by pushing more and more privileged access to the edges of the company, giving non-employee contractors way too much power to change things in an unsupervised way. (But HEY! Look at that Stock Price!!!) Amazon has had a severe issue with their offshore/low pay "contractors" being easily bribed for pennies (but good money in the country they live in) and just keeps rotating which contracting firm they use to try to get around it. So does Facebook, and others.
    It's systemic in any large corporation, but REALLY BAD in the Social Media companies who don't want to pay any kind of decent wage to low-level workers, and in so doing actually encourage malfeasance by them.
    They keep "costs" down (and stock prices up) by classifying as many workers as "part time contractors" as possible (just like the Gig industry) so they don't have to provide any benefits or pay.
    As the saying goes: Money Talks, Security Walks. Your only choice: Deal with it, or vote with your feet and walk away from Twitter (which you are probably REQUIRED to use by YOUR company, as most journalists are.)
    Damned if you do, damned if you don't.
  • Good insight, and I agree.