Hack or Inside Job?
It has been the usual morning for me, until I clicked into a random tweet and saw something very suspicious...
One thing to note is that I have not made any tweets since March 2020 when the Steem Hostile Takeover took place. As I ceased posting to any centralized social media platforms ages ago, I rarely visit them, let alone my own pages over there.
As the display name and avatar have been changed, I opened my Twitter page for the first time in months and discovered some scam tweets that were obviously not posted by me 13 hours ago.
While I can still log in, I could not change my password or perform any other account operations except a password reset, which I did. That means I cannot even delete those tweets at all; all I get is the same error message.
Your account is suspended and is not permitted to perform this action.
Those 84 likes on each of those tweets are obviously from bot accounts (or other compromised accounts). All my liked tweets, followers and following were erased. If you attempt to visit my twitter account, all you might see is this:
On top of changing my passwords, I have contacted Twitter to lift all account restrictions, delete those tweets and revert any other malicious account actions that might have been made.
2FA hack?
All my online accounts are secured with U2F/WebAuthn on my hardware wallet, or Authy TOTP if security key 2FA is unavailable. The only one where neither is available is my bank account where I must use my phone number that is prone to SIM swap attacks, and this is definitely worse than centralized exchanges which I hardly use.
Checked my connected devices on Authy but saw no device that I cannot recognize. The seed phrase is always kept offline and kept in a place that only I have access to, so the only way this could be compromised is through physical means (which did not happen), a brute force attack (near impossible with today's computers) or someone tricking me into approving a login (can't remember the last time I opened the FIDO U2F app, so it did not happen either).
No suspicious emails
One thing that is for sure is that I did not receive any emails (nor SMS alerts) on suspicious account activities (checked spam folder). Even the @aliveprotocol account that is secured under the same 2FA accounts isn't pwned.
Nope, not even a single email to notify about the suspension of my account.
That means if I had not clicked on that random tweet above, I would never have known about this for potentially years.
Dangers of centralized systems
The only thing left that I can think of is a potential inside job, bypassing all account security measures. This has happened several times in the past to others, including the infamous crypto scam that happened a while back.
This highlights how dangerous the current system is, as even the best security measures can be bypassed like that. As this is not using any public key cryptography, there is no way to verify any signatures that indicate that the real account owner has performed the action. Your account on centralized platforms isn't really yours (unless you own the platform itself).
But not on Hive, where we own our private keys to our accounts. Anyone can verify any account actions (including the creation of this post) that is available on the public blockchain that anyone can download. Best of all, no one can stop you from transacting (including publishing a post like this) as long as you have the RC to do so which is easily obtainable by powering up HIVE.
This is an ongoing story and I will update this post as it develops.
Appendix 1: Apparently this has been a widespread issue across the platform. I have not heard anything back from them after >24 hours.
Update 1: Account is back up. Following and follower counts are gone though.
Update 2: Everything is back in shape.
Inside twitter handjob probably... someone didn't care and did appeal for the money first.
😂😂😂
glad ya got it sorted. i think once people realise how fucked centralized is they will come running to web3 to have some ownership of their shit. i still think we need better tools though, more than just a wallet app in a browser. something google titan hardware key level for all the newbies.