Until last week, the British mathematician and writer Professor Norman Fenton had an active account on Elon Musk’s rebranded “X” platform, where he had been active for well over a decade, accumulating 93,400 followers. Gript’s own Laura Perrins had similarly used the platform for more than ten years, racking up 52,000 followers. Both were paying customers of X, handing Elon Musk money every month for their “verified” status and alleged “premium benefits”.
A third user, the well known Irish activist Paddy Manning, was likewise a blue-ticked paying customer, had racked up a big following of 17,000 users, and had accumulated years of use of the platform.
Over the course of just a few days, all three had their X accounts stolen, and in the case of Perrins and Fenton, turned into click farms for online cryptocurrency scammers. In all three cases, Musk’s X has refused to do anything about it.
Here’s Fenton’s version of the story:
At around 3:00pm on 18 March, I was actively using X on my mobile phone when the app suddenly stopped and presented me with a login screen. I was asked to re-enter my username and password. Assuming this was routine, I did so.
My password was rejected. Within seconds, I realised I had lost access to my account.
Ten minutes later, a friend alerted me that my account was already posting an obvious cryptocurrency scam.
I reported the hack straight away using X’s official web support system. The response I received was extraordinary: they said they could not assist further because they were unable to verify my identity, even though the account is blue-tick verified with 93,400 followers.
At no point did X suspend or even temporarily restrict my account, despite having been notified immediately that it had been compromised.
Many friends who have very large verified accounts (such as, for example, Leilani Dowding) posted messages alerting X_support to the problem, but these were also ignored.
The platform effectively allowed criminals to continue operating under my identity, targeting my network, while ignoring repeated warnings and evidence.
For Laura’s version, which is almost identical, you can read her article on this platform from last week here.
In both cases, the fact that the accounts were hacked and stolen is obvious to the naked eye: Long-standing paying users who have suddenly either had their handles changed (as in Laura’s case) or their photos changed, or both. Both of whom have suddenly started tweeting out cryptocurrency scams. Both of whom have lots of other users alerting twitter (now X) that their accounts have been stolen. And in both cases, as with Paddy Manning’s, X has responded to say, in effect, “not our problem, nothing we can do”.
Verifying the identity of these users would not be difficult for X: Both Perrins and Fenton were paying customers, whose bank details are in X’s possession. A single human being, applying basic common sense, would be able to see what has happened here, and address it. Which leaves us with the obvious conclusion that under Elon Musk, X no longer cares enough about its users to employ human beings to protect the security of its paying customers. Instead, they get this:
Remember, dear reader, that it is not just public content that has been lost: Perrins, Fenton, and Manning have also lost access to years of direct messages, probably containing countless email addresses, phone numbers, and private information belonging to third parties who conversed with them privately on the app. Nor are they the only three victims: The scam afflicting them has ensnared hundreds if not thousands of smaller accounts, as well as politicians.
In Laura Perrins case, for example, she was ensnared by a direct message from a smaller, but trusted account that had been hacked before hers without the knowledge of the user, who was an “occasional” poster who had not checked his own account and therefore could not warn others that he had been hacked. She alerted twitter within two minutes of making the error – a time period in which they could have suspended the account or taken any number of actions to protect their customer. They did nothing.
This writer has, over the last week, received three separate phishing messages from other accounts that I follow, trying to ensnare me into the same trap. All of those accounts have clearly been stolen, also. There has been no public comment on the matter from X, and emails from this writer seeking comment have not been acknowledged at the time of publication.
Since Musk took over X, there has been much praise for him from the political right for – allegedly – enhancing “free speech” on the platform. Few on the right have been willing to openly acknowledge, however, the downsides to his approach: A platform increasingly dominated by Artifical Intelligence accounts, Porn-hawkers, and openly extremist content to the detriment of reasonable conversation. Now, it appears, the platform will not even take basic steps to protect the online identities and reputations of long-standing paying customers with large and popular accounts.
It is an axiom of business that those companies that do not look after their product and their customers in the long term will find that they hemorrhage business.
It is true of course that in the case of both Perrins and Fenton, they made a mistake: Both opened messages (though Fenton says his came via whatsapp) from trusted followers, and chose to “vote” for their followers in alleged competitions, and in so doing compromised themselves to the hackers. But such scams are commonplace, and ingeniously designed. It is generally accepted that while the individual bears some responsibility for their own security, online platforms also have a responsibility to work with their customers to protect them. In this case, Musk’s X has displayed a callous and notable indifference to what has happened to their own users.
That is not good enough. And – for all its flaws – it would not have happened under the “old” twitter. Musk’s political proclivities do not, and should not, insulate him and his company from the basic duty of care to their users that every other company is expected to uphold.
If you have an X account, and particularly if you are a paying customer, beware.