An illustration of a mobile phone with a social media profile on the screen. The phone is wrapped in a chain with a padlock, in the shape of a speech bubble, locking the chain togetherBBC Three

Twitter trolls stole my identity

'Give me back your Twitter, bitch,' they said. 'Otherwise I’ll come for your gmail as well.'

Radhika Sanghani

Some strong language

Last month, I was scrolling Twitter when I was suddenly asked to log in again. It was a bit strange, but I didn’t think much of it. For some reason, my password wasn’t working so I reset it, and went back to my profile. It was then that I saw my 10,000 followers and every single tweet I’d ever written had disappeared.

My follower count read zero. I kept refreshing my page, feeling confused but assuming it was an error, when I was asked to log in again. Then a message popped up on my phone from an unknown email address.

“Give me back your Twitter, bitch,” it read. “Otherwise I’ll come for your gmail as well.”

That’s when it hit me that I’d been hacked. I felt sick, and quickly went to reset the password again, but the hacker got their first - changing my password, plus the email address and phone numbers linked to my account, which meant I had no way of getting back in. I was officially locked out.

Unfortunately, I’m not alone in having my social media hacked. A recent report from the Parliament Street think tank found that cyber crime increased by 14% between 2016 and 2018. In the UK, the police launched over 1,300 investigations into computer and social media hacking in 2017/18, according to data obtained under the FOI act. A study in the US found nearly two-thirds of adults with social media accounts said they’d been hacked.

So what’s fuelling the rise? Dr Jessica Barker, cyber security expert, explains: “I think partly because we use social media more, but also as with any cyber crime activity, the more successful it is, the more it grows. The main benefit for criminals is they can leverage people’s contacts to spread spam or to sell illegitimate goods, or send phishing links to send malware. Some people are targeted because they want to make a political point or disrupt someone’s work or activism online.”

Hacking is illegal in the UK and can carry a jail sentence of anything from between two years to life imprisonment - but when I was hacked, it didn’t occur to me that I could call the police. It didn’t feel serious enough. Instead, I immediately contacted Twitter and filed an incident report. While I waited for a response, I kept trying unsuccessfully to reset my password. In desperation, a few hours later, I texted the hacker back. “You’re pathetic,” I wrote. “Get your own life.”

It wasn’t my best idea. I’d blocked their number so I couldn’t see any potential cruel responses back to me. But the hacker was so incensed that they started attacking my Twitter account. They changed my username to ‘fuckuuuf***ot’ and started tweeting messages in support of the ‘Islamic State' group and terrorism. Concerned friends and followers started texting me screenshots. "You’ve been hacked," they wrote. "Are you okay?"

A split screen illustration – the left showing the hacker typing on a computer and the right side showing a woman with her head in her handsBBC Three

I wasn’t. I felt violated – and furious. As someone who writes a lot on feminism and racism, I’m sadly used to being trolled. I’m often told to go and kill myself, and am frequently told how ‘ugly’ and ‘worthless’ I am. Those comments are always hard to receive, but I try not to read them.

But this was the first time someone had hacked me and impersonated me. By deleting all my followers and tweets, I felt like they’d taken away my platform. I wanted to find it funny, but it was too raw. The worst part was when it started affecting me on a professional level. 

I use Twitter to share my work (almost like an online CV) and to find stories. Having that taken away from me, and not knowing if I would ever get it back, was a disturbing experience. 

Luckily, I was given back control of my account a day later - but it still had zero followers and tweets, and everyone I’d once followed was now blocked. I received emails from angry colleagues asking, “Why have you blocked me? I don’t understand.” Twitter promised they’d try to fix the problem but couldn’t give me a time-frame.

I continued asking Twitter for updates on my case, but was told my only option was to wait. No interest was expressed in trying to find my hacker either – the only thing I knew about them was that they were based in Virginia, because that’s where my account was last logged in from. 

Four weeks in, my account was finally restored. But not everyone is so lucky. When 32-year-old writer Etan Smallman had his Twitter hacked last year, the hacker deleted nine years’ worth of tweets and followers, and started writing bizarre messages like “Is it gay to look in the mirror?!? I mean u literally looking at another human being naked.” Etan contacted Twitter straight away, and was allowed back into his account days later, but received no response when he asked for help recovering his tweets and followers.

“I feel that the whole response from Twitter was inept,” he says. “The activity was obviously suspicious, and should have been picked up before all my tweets were allowed to be obliterated. For me, the tweets were an archive of nine years of personal and professional experiences – and it never occurred to me that someone would be able to gain access so easily, and destroy it all. I had to spend hours re-following everyone who had been unfollowed (many of who were probably wondering what they had done to upset me!)”

When I got in touch with Twitter for the purpose of this article, a spokesperson urged people to turn on ‘two factor authentication’, where they’re sent a code to their email or phone number before they can log in. The spokesperson said: “We also recently updated our rules to prohibit the distribution of hacked materials, such as people's private information, and expanded the criteria for when we take action on accounts, which claim responsibility for a hack, including threats.” The spokesperson was unable to confirm Twitter’s policy on restoring compromised accounts, but said the platform will do so if possible.

But it doesn’t just happen on Twitter. In November, Ebonie Allard woke up to find she couldn’t access her Facebook business page because she had apparently ‘violated community standards’. The life coach and author followed the relevant steps to regain access, of sending in her driver’s licence and taking a real-time photo, but was told she was blocked. She then tried to log in to her personal profile – and couldn’t.

A troll on squatting in a room displayed on the screen of a laptopBBC Three

That was the start of an incredibly frustrating month trying to regain access to her blue-ticked business page, only to find that it had been taken over by hackers in India, who were using it to sell sex and guns. “I was getting about 200 messages on WhatsApp a day,” she says, as her phone number was on her business page but she wasn’t able to get back in and delete it.

“I was sent dick pics, photos of flowers. I didn’t know what do. I was really professional and strong for a week, but when there was no progress, I called my dad and burst into tears. I felt really vulnerable, violated, scared – and silly. Like someone had punched me in the stomach or broken into my house, looked at all my stuff and was pretending to be me.”

When she couldn’t get a response from Facebook, Ebonie asked friends for help. Fortunately, one of them knew someone who worked for the organisation’s legal department, and pleaded with them to raise an internal query. A month later, Ebonie finally got her account back, but found she’d lost 1,000 of her 3,500 followers, and a year’s worth of her content. She spent hours trying to delete all the sexual and inappropriate posts left by the hackers.

“It was like I’d come back into my house someone had squatted in,” she says. “I messaged Facebook asking them to help me do a clean-up of my feed because I couldn’t delete it all – but I didn’t get a reply. I think I lost £10,000 because of the experience. I get most of my client work through Facebook, and sell things on my page, so there was that impact. But also, I was so busy trying to fix this every day that I couldn’t focus on my daily work.”

When I contacted Facebook for this article, I was told they are now looking into exactly what happened to Ebonie, and they urged users to sign up for two-factor authentication too, and watch out for suspicious links, malware, and to make sure they have strong passwords.

But Dr Barker thinks it’s not enough. “People are often really frustrated it takes a long time for the platforms to verify it’s your account. It’s something I’d heard a lot from small businesses who rely on Facebook for income and marketing. I’ve heard they either don’t get access back, or because they haven’t restored the content, it’s damaged their operations.”

She hopes that social platforms will follow in the footsteps of other online platforms, like Gmail, who have looked into the pattern of how criminals operate, and have been able to improve security measures with their research. “If these social media platforms are asking people to use a service, and they get a benefit from us sharing our data, they need to take action on it,” she says.

Especially as the experience can impact mental health. “Victims feel extremely vulnerable, psychologically, because their identity has been threatened,” says Dr Arthur Cassidy, a social media psychologist. “Their private world that belongs to them is no longer theirs, their narrative they're acquired over the years - contacts, comments, phones - all that they've treasured is taken from them. It's a form of online robbery really, because it all becomes the property of the troll.”

An illustration of a mobile phone with a social media profile on the screen. The phone is wrapped in a chain with a padlock, in the shape of a speech bubble, locking the chain togetherBBC Three

Sadly, in Ebonie’s case, it’s too late. Her hacking experience has now changed her relationship with the social network. “I used to be a big Facebook advocate, and a huge amount of my business was run through there. But now I don’t want to rely on it. I’ve made business decisions that mean we find other ways to do things, such as focusing more on my website than Facebook. I’m scared to use it now. I’d much rather keep things offline.”

I know what she means. If I didn’t need social media for work, I’d close my accounts without hesitation but, because of the professional benefits they have for me, I stick with them. It still worries me that it was so easy for me to get hacked. But the experience has taught me to be smarter about my internet usage. I’ve set up two-factor authentication on everything, made my passwords stronger than ever and update all the apps and software on my phone regularly.

It’s all I can do - and in the meantime, I just hope stories like mine will encourage social media networks to do everything they can to make it harder for cyber crime to take place on their platforms. Falling prey to a hacker is a vulnerable - and frightening feeling.