How @blanket handled a Twitter hijacking

First, he panicked. Then, he started tracking down the hacker who stole his Twitter handle.

Mar 3, 2020, 2:12 am*

Internet Culture


Kris Holt

When Daniel Jones tried to share a “silly news story” on Twitter Saturday morning, he found he couldn’t log in. As it turns out, his account—@blanket—had been hijacked and was being sold on the black market for $60.

Jones’s initial reaction was to panic, he told the Daily Dot.

“I immediately thought of [Wired senior writer Mat Honan] and what he went through when his digital identity was wiped in order to get access to his twitter. Luckily, since his story got out, a lot of new security measures have been put into place, and I have taken advantage of them. I finally attempted another password reset using my email instead of the username. Twitter recognized my email — whoever had cracked @blanket had left my original account intact, but applied the username @FuckMyAssHoleLO. (pardon my French, but that’s what it said). Consider me freaked.”

The account was suspended after Jones reported, blocked, and filed support requests about it. However, he is still without his account and it was unsuspended as of Sunday afternoon.

Jones, 31, has been in contact with a hijacker who goes by “Moon,” and knows n0rth (a.k.a. “Noah”), the person who took control of @blanket.

“Moon …  generally seemed thoughtful and not the kind of hacker who does things only for the lolz,” Jones told the Daily Dot via email. “He was nervous to put friends in touch with me even though he was comfortable talking.”

Jones added that he was hoping to speak with Noah to gain his perspective Monday.

Moon, a 14-year-old who started hijacking accounts just two weeks ago, told Jones that he uses a “password list that consists of a typical dictionary word combined with simple numbers.” This helps hackers gain access to accounts with vulnerable passwords fairly easily, after which they can do as they choose with them.

As pointed out by tipster Jay S, the black market forum where Noah attempted to sell the @blanket username was apparently hacked by Cosmo, a 15-year-old hacker who has infiltrated Amazon, Apple and Netflix, and was profiled by Honan last month.

Jones, who believes he joined Twitter in 2008 and had around 750 followers prior to the hijack, said while hackers unquestionably cause problems for their victims, they help expose security gaps.

“I would hope Twitter is considering higher security options, like multi-factor verification. Twitter’s IP-based account login lockout is also super easy to get around. I am neither a security expert, nor a hacker, but I have learned enough from this weekend’s experience to see that Twitter has security loopholes the size of a crater. If 14 year olds with no hacking experience and a program they downloaded can break in, I’m worried what someone with more malicious intent could do.”

He claimed Twitter needs a login and verification process that will add a further layer of security to prevent access via brute-force password cracking, and suggested that having a password consisting of “four words, all in different languages, with a number” would be a good way to keep hackers out.

So far, Twitter hasn’t offered much in the way of assistance. Jones submitted support requests to the company, and received notice last night which stated that, “”The email address you’re writing from does not match the email on this account. For privacy reasons, we can’t offer any more information about the email.”

Jones has hope that he’ll be able to regain control of @blanket: “I and some colleagues have attempted to lean on friends who work in/with twitter. I’ve got my fingers crossed.”

UPDATE: Jones reports that his account was restored by Twitter support on Monday afternoon.

Photo by Daniel Jones

Share this article
*First Published: Oct 1, 2012, 12:26 pm