Slashdot Mirror
Why Social Media Users Have Trouble Reclaiming Hijacked Accounts (siliconvalley.com)
After their Instagram accounts were hijacked, two different users say they contacted Instagram ten times -- and even proved their identity by submitting selfies -- but received no response.
And one Silicon Valley newspaper points out that If your account is hijacked at Instagram, Google, Facebook, or Twitter, "there's nobody to call... your options are limited to submitting an automated online form and hoping an actual human being gets back to you." In his book "Zucked: Waking Up to the Facebook Catastrophe," longtime Silicon Valley investor Roger McNamee criticized tech companies' approach to user service: "The customer service department is reserved for advertisers. Users are the product, at best, so there is no one for them to call." That's by design at most companies that offer free online services. In "I'm Feeling Lucky: The Confessions of Google Employee Number 59," a 2011 book by Douglas Edwards, he wrote that as Google was beginning to grow, co-founder Sergey Brin asked, "Why do we need to answer user email anyway?"
Problems have multiplied as the companies' user bases have skyrocketed. Instagram cited its scale (1 billion users, a spokeswoman pointed out) as one reason all user questions are routed first to an automated system. Facebook, Twitter and Google said they use a combination of humans and automation -- but mostly automation, and in Google's case, forums made up of other users -- to respond to users' concerns. A Google spokesman said the company focuses on making sure user accounts don't get hacked in the first place...
One woman discovered her Instagram account had been hijacked and was now posting pornography. "My grandma and cousins are going to block me..." she complained in a tweet, adding "Thanks for nothing!" And the article also cites another woman in California who says she lost access to more than 600 photos she'd posted on Instagram -- only half of which were backed up. Her response? She created a new Instagram account, this one with two-factor authentication, "and plans to change her password more often."
James Plouffe, a lead security architect at a Silicon Valley security software company, also suggests that if you ever do regain access to a hijacked account, "check the account recovery procedures to make sure they're yours, not your attacker's!"
And one Silicon Valley newspaper points out that If your account is hijacked at Instagram, Google, Facebook, or Twitter, "there's nobody to call... your options are limited to submitting an automated online form and hoping an actual human being gets back to you." In his book "Zucked: Waking Up to the Facebook Catastrophe," longtime Silicon Valley investor Roger McNamee criticized tech companies' approach to user service: "The customer service department is reserved for advertisers. Users are the product, at best, so there is no one for them to call." That's by design at most companies that offer free online services. In "I'm Feeling Lucky: The Confessions of Google Employee Number 59," a 2011 book by Douglas Edwards, he wrote that as Google was beginning to grow, co-founder Sergey Brin asked, "Why do we need to answer user email anyway?"
Problems have multiplied as the companies' user bases have skyrocketed. Instagram cited its scale (1 billion users, a spokeswoman pointed out) as one reason all user questions are routed first to an automated system. Facebook, Twitter and Google said they use a combination of humans and automation -- but mostly automation, and in Google's case, forums made up of other users -- to respond to users' concerns. A Google spokesman said the company focuses on making sure user accounts don't get hacked in the first place...
One woman discovered her Instagram account had been hijacked and was now posting pornography. "My grandma and cousins are going to block me..." she complained in a tweet, adding "Thanks for nothing!" And the article also cites another woman in California who says she lost access to more than 600 photos she'd posted on Instagram -- only half of which were backed up. Her response? She created a new Instagram account, this one with two-factor authentication, "and plans to change her password more often."
James Plouffe, a lead security architect at a Silicon Valley security software company, also suggests that if you ever do regain access to a hijacked account, "check the account recovery procedures to make sure they're yours, not your attacker's!"
It time for people to realize that so called "social media" is a cancer! It is destructive to everything it touches, and without an kind of redeeming value at all!! To Fakebook, TWITter, etc, people are products to be sold out to whoever will pay. They don't care about people, or data breaches!
i.e. used the same password and was compromised elsewhere.
Or... ...am stupid and click every popup that shows in my browser and got a keylogger
Would filing a police report for idenitty theft help?
Would a letter from a lawyer demanding the account not be used by anyone else pending a resolution help?
How about a court order?
Granted, those are inconveniet and expensive, but the bad publicity of a few dozen cases of "I had to get a court order to get my account back" in a short period of time would be expensive for the social-media companies too. It might be enough to get them to streamline the procedures to regain control.
For people in the USA and other countries with similar laws that would get YOU arrested for fraudulently trying to "take over" someone else's account by claiming you were the rightful owner, it shouldnt take more than a notarized copy of your driver's license, an affidavit saying the account is mine, and an affidavit saying you are who you say you are for the social media company to at least kick out the imposter. As far as you getting control of the account back, they might insist on some kind of video interview.
For people who are in countries without a reasonably efficient legal system, and for people who - for good reasons or bad - deliberately lied about things like their birth dates when they created the account, well, it's going to be hard to prove you are the rightful owner.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
When you sign up for Social Media, you are NOT the customer, you are the product.
Would you a steak company to have a customer service line for the cattle? No. Only the paying customers get customer service.
If you willing sign up to be the product, do not expect any service except a knife in the front. Not the back, the front.
excitingthingstodo.blogspot.com
... someone stole the social media's unsalted password database without being caught and managed to crack my not-strong-enough password.
Or ... I logged in from a new device in a semi-public place and someone shoulder-surfed and saw what I was typing.
OK that last one isn't scale-able but it could happen in places like schools. My guess it that it happens at least once a week for the lulz of it at a middle school somewhere in America.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Social Media companies have absolutely zero motivation to help you recover a hacked account.
In fact, many people who get their account hacked then take to the social media platforms to complain about it. Others weigh in and there is more engagement happening.
I had a moderately popular Facebook group hacked, spammed and ultimately deleted. There was no way to contact anyone at Facebook about this.
I receive phishing emails sent obviously through Gmail. Google specifically will NOT do anything about this, they say it's up to you and the sender of the email to sort it out.
It's a tired cliche, but it's true - if you're not paying for the service then you are the product, not the customer.
Look at how quickly Facebook and Google respond to you if you are one of their customers - they have teams of people just waiting there to take your money.
Lost a domain and have a Twitter account linked to an email address on this domain....and I believe you have to 'confirm' the old email to swap, so that will be fun.
(Don't use domainsatcost.com - they didn't send me any notices after 7 days remaining, even tho they claim they did, and by the time I noticed the domain was gone, a squatter picked it up; who's to say they're not in cahoots to charge $100+ for an obscure domain name??)
Try to search for help on google products, go to any 'official' google support page. Read 1 OP, 1 cut and paste reply by a Google AI, then read 20 pages of 'WTF' Google. I don't know why they even bother to pretend they give a shit by providing contact info.
The only time I've ever seen Google reply is when I submitted a correction to Google maps. I presume they bothered because someone could have driven into the stand of trees that showed to have a road through it and sued them.
My Skype account is still screwed up from the time hackers exploited some security flaw and took it over. Since I didn't have any payment/banking information or any really useful personal info linked to Skype, the damage was minimal. I reset my password ages ago, but it's still in some sort of a restricted status that customer service is unable/unwilling to fix.
It's just annoying that if I ever have a need to use Skype again, I'll need to make yet another damn Microsoft account.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
And the article also cites another woman in California who says she lost access to more than 600 photos she'd posted on Instagram -- only half of which were backed up. Her response?
Well, at least she's learned how important it is to regularly back up your...
She created a new Instagram account, this one with two-factor authentication, "and plans to change her password more often."
I... what? No... that's not... sigh...
Irony: Agile development has too much intertia to be abandoned now.
Apparently the solution to a hijacked Facebook account is to create a new account. A relative impersonated me on Facebook. After jumping through all the Facebook hoops to try to claim my own damn Facebook account (I hadn't previously "planted my flag" by making my own account) with no response from Facebook, I read that it is common for someone to be impersonated on Facebook. So I impersonated myself on Facebook by making a new account, and that seems to have worked.
Wow, you really expect the likes of Facebook to give two shits about little old you?
They got your personal data, they milked you for every dime they could, and they made sure the scary 3 letter
government agencies got what they wanted, so they don't really have use for you anymore.
Go ahead and bad mouth them, like it will really make a difference.
and even proved their identity by submitting selfies
And what are selfies supposed to prove? That whoever claims to be the user at one point had received a selfie of the person who was using the account until now?
Cool... Take a selfie posted from facebook and send it to instagram claiming that should give me access to that instagram account...
Sorry but unless your drivers license has your instagramm account printed on there is no way to use it (or a selfie or passport or whatever) to proof that you are the person who created the account. Yes, those documents proof that you are who you are claiming to be, but NOT that you have created the account. (unless there was an ID check during account creation, but who does that? Half of the companies can't even be arsed to confirm the email address)
bickerdyke
... exclusively for anything mission-critical. That includes, of course, social networks.
Do not and never use your real name unless doing a regular online business transaction with trusted companies or in scenarios where you present yourself publicly online as a professional of some sort in an environment you yourself have total control over - such as, for example, an own website.
I've followed these rules for almost 3 decades and taught my daughter to do the exact same. There is no single online account I can't completely abandon or cut loose or migrate away from within a few hours without missing a beat. Anything else is bound to open up a world of pain if shit hits the fan.
We suffer more in our imagination than in reality. - Seneca
Would filing a police report for idenitty theft help?
Would a letter from a lawyer demanding the account not be used by anyone else pending a resolution help?
Which will near immediately start being abused to silence disliked opinions, etc.
See how DCMA is abused on YouTube.
(e.g.: by people looking for a way to demonetize or censor video criticizing them).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
It’s not just social media. So many online sites lack any meaningful way of being contacted if something goes wrong. A company hires developers to set up the site and establish a payments scheme and then seems to forget to hire any back office personnel to take care of customer service. At some point, this will take legislation to enforce standards of policy, an “Internet building code.”
Look at the tales from people whose PayPal accounts have been frozen for reasons they have never been given a clue about. This is a site primarily devoted to handling money. It gets worse from there.
Perhaps those signing up to the "social media" account were not that smart to begin with...
But how can they expect to get any "right" as the receiver of a FREE service (free, but at the same time, giving up your privacy).
Feel zero sympathy for those who believe they will change the world thanks to someone else's (FB, Twitter, etc.) free services. Don't be a moron. Stay away from "social media".
Me.
...they lost access to 600 selfies, likely all in the same poses.
This is comical.
Google definitely does respond to customers. When I have a problem or question about advertising, somebody usually gets right back to me.
When you say help with Google products, are you a customer or a data feeder? They don't respond (or have any reason to respond) to people who feed them their data.
I don't respond to AC's.
See 58401372 above.
Perjury - lying in a affidavit - is a crime in the Untied States. The threat of jail and having a criminal record should be deterrent enough, at least in the United States.
In places where it not a good enough deterrent, then I concede that this solution won't work.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Hire a lawyer. Sue them for enabling fraud or identity theft. That will get their attention.
Perjury - lying in a affidavit - is a crime in the Untied States. The threat of jail and having a criminal record should be deterrent enough, at least in the United States.
Again, have a look at the "abusive DMCA" situation on platform like YouTube.
How many of the abundant false claims have ended up with the liar getting jailed?
I can't even name a single occurrence that I've heard of.
(I'm not saying it never happened, I'm just saying that it's a rare enough occurrence)
Eventually that is what you're "sue Platform because I'm the rightful owner of the account"-system will devolve into.
Lost accounts are big thing (there's a market for hacked account, just to gain visibility for nefarious purpose on social media platforms).
It's not just a few random occurrences like the porn-account hijack mentioned in the summary.
It's a massive problem.
And if it's a massive problem, it means that there are going to be a lot of complaints.
Which means that some level of automation need to be added to the system to help cope with the volume of cases.
( ^- again, see the DMCA automatic take-down request filing)
Which in turn means some people are going to find a way to game the system.
And because the whole thing is going to be automated, it will be hard to get the attraction of some actual human reviewer when you want to say "I was sued about account hi-jack just as an attempt to silence me !".
It's going to be lawyers vs. lawyers (and thus expensive) to settle out these situations.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]