I've never used Twitter, back when it first started I created an account but never used it. Lately I've been getting email notifications that someone has been trying access my account. The same thing happened once with my old apple account which I also don't use (I used it for iTunes about 20 years ago, I don't use Apple products) so I went straight to Apple and made my password super long and complex. I still "own" some music and a few movies there. I did the same with Twitter, I don't have any kind of investment there but my Twitter name is pretty good (based on my domain name) and I don't want some cunt getting procession of it. I also setup 2FA in Twitter while I was at it.
Suspicious login
Device: iPhone
Location*: Recife, Brazil
When: Sunday, April 21, 2024 at 4:57 PM PDT (26 minutes ago)
*Location is approximate based on the login's IP address.
At least now the next time my domain host goes down I can see their detailed status updates (they still use Twitter).
It's probably automation that knocks on doors until they find a successful login. In the case of the one pasted, that looks like a successful login and you caught it before they could do anything with it.
My auntie got her mail hacked and they sent out emails to her contacts asking for gift cards. At that point it was a human doing it because they were tailored. (e.g. "I'm having trouble buying an Amazon gift card for my friend blahblah that has cancer, can you buy one for me and send me the number?". She does have a friend that has cancer etc. and it's relevant because she's spoken about it to my mother in email. Another contact gets a different one that's believable based on email communications.) Of course we didn't fall for it (my mother knew that wasn't right immediately too) but it was pretty good tomfoolery.
This happened after I dropped the ball when she was here visiting, her account seemed OK and I didn't want to disrupt it on all her devices. She deletes stuff and didn't have the warning message or whatever it was for me to look at, and couldn't tell me what it said (lol) so I really had no evidence. I forget some of the circumstances, but I was wrong and it really was compromised. If I'd have acted, despite the annoying inconvenience of it having to be changed on all her devices here and at home, I could have prevented it from going that far. Fortunately her son in law caught the play and was able to act immediately (he was working from home) and knew how to get her to recover the accounts (he did some Apple chat thing and showed screenshots)
So the moral of the story is, when those warnings come, go to the service's web site and lock down with a new password whether it looks legit or not.
Yeah a lot of people will click on the link in the email rather than going directly to the site.
At the top of the notification it says "attempt" so maybe they didn't succeed. Back in those days my passwords weren't nearly as strong as now so I wasn't sure what I'd find. I don't see any activity though. Here's the full text of the notification:
Suspicious login alert
There was an attempt to log in to your account @Wildmacaw that seems suspicious.
Suspicious login
Device: iPhone
Location*: Recife, Brazil
When: Sunday, April 21, 2024 at 4:57 PM PDT (5 hours ago)
*Location is approximate based on the login's IP address.
If this was you
• There's no need to take any action right now. Just to be safe, you'll need to answer some security questions the next time you log in to this account.
If this wasn't you
• Change your password now to protect your account. You'll be logged out of all your active X sessions except the one you're using at this time.
Ahh, maybe not then. I'm going to guess the algorithm alerts when it doesn't match the geographical area the account is used from. It probably flags it as suspicious activity. So if you go on vacation somewhere and use the account, you're going to have to jump through verification hoops etc.
That happened to me when work switched me from using their remote virtual machine to the laptop. Their VM was based in Texas or Florida, and right after I started using the laptop I got a message from the client facilities IT department about the change in location, and I had to change my password.
