Am I hacked again?

UPDATE: Hackers attempted to take over my domain but didn’t quite get away with it this time. Dreamhost was much more helpful this time than when I was attacked in 2013.

I’m 99% sure that my domain hosting and Twitter account are under attack right now. I can’t access either account and this is almost exactly what happened in 2013 when someone hacked half a dozen of my online accounts so he could get into @ruby thinking he could sell it on a hacker forum. This didn’t go well for him, but it was also an enormous pain in the ass for me.

You can see the whole story starting here:

How to tell my story

I have finally finished compiling my detailed timeline of how I got hacked and then unhacked myself. It includes the exact times that I received password reset messages, when I wrote to support, when they wrote back to help, when they gave me the finger, etc.

I’ve got it all in a spreadsheet.  Now, how can I display this publicly? I’d love to make a timeline like this Or is there a Google widget I could connect to a Google Doc Spreadsheet?

This would also make great fodder for any reporter who wants to help people understand and avoid this, and/or to write about how shockingly unresponsive certain companies can be (cough, Twitter) when their own services are compromised.

Doing the 2-step

So right after my Twitter account was hacked I learned that Twitter had finally implemented 2-step authentication just days earlier. I have now turned it on, of course.

But the really gigantic part of getting hacked was losing control over my entire Dreamhost account including several websites, e-mail addresses, and domain names.  Today I learned that Dreamhost also offers 2-step authentication. But they are not doing much to encourage people to use it. I Googled and was able to find these instructions and am so relieved to have this in place now.

I already had this enabled for Google and Facebook, but now that I’m looking at it, there are many other services that offer 2-step (a.k.a. 2-factor) authentication, including Dropbox and Paypal. LinkedIn just started using it this week. I’m a little annoyed that I had to go looking to find out about many of these.

So here’s my list so far who supports 2-step:

  • Google
  • Facebook
  • Twitter
  • Dreamhost
  • LinkedIn
  • Dropbox
  • PayPal/eBay

Did I forget any? The best way to find out if your favorite web service supports this is to Google “2-step” and the name of the service.

Thawing at Dreamhost?

Are they getting sick of my complaining e-mails or is the social pressure working? I don’t know but this evening Dreamhost offered me a different way to authenticate myself, which I have now done!  It will be hours before they reply of course, if not more.


I also spent some time rifling through all my old credit card bills and I couldn’t find any with Dreamhost charges on them. In fact, I thought I was paying them through PayPal. It’s been years since I fiddled with that account.

Image credit

Tickets, please

A few folks have asked for my support ticket numbers with Twitter and Dreamhost to follow up. I’m a little nervous about posting them publicly as the hacker might try to engineer that against me.

If you have a contact at either company and would like the ticket number, either comment on this post and I’ll reply to you at the e-mail on your Disqus account, or use Tumblr’s Ask-me-a-question thingy and I’ll send them privately (if I know you).

One last try

Hello, friends. Many of you have helped me by reaching out to your personal contacts who work at Twitter or Dreamhost, and some have even written angry letters to them. I appreciate this support. Although it hasn’t had any visible impact yet, there must be a point at which it can break through the wall.

I can understand that they don’t know if I’m really me, but many of you actually know me. You are friends here in NC, you are colleagues in nonprofit tech, and you have been following me on Twitter for 6 years or more. And you know that I would never do this:


When my account used to look almost like this (the screenshot was taken after the hacking started, but before the account was wiped out):


As I posted earlier, my next step is going to be contacting the FBI and it really does not sound like fun. I can barely keep up with my life as it is (family, job, changing passwords on every account ever, etc.) without making a campaign out of this, so I need your help. I’d like to ask everyone to make one last attempt to reach some human beings at Twitter and especially at Dreamhost. Even if you don’t know anyone who can intervene directly, just retweet/share the link to this page.


Ever since reading last year about the epic hacking of Mat Honan , all for his short Twitter ID “@Mat” I have been worried the same thing might happen to me. Fortunately, I haven’t handed over quite as much of my life to Apple as Mat had done. But I still get nervous whenever people try to hack into my Twitter account, which has been tried repeatedly. Twitter has always ignored my requests for attention to this.

That shit did hit the fan this weekend. I managed to restore several key accounts and nothing has been irreversibly damaged that I know of (yet). However, I am still locked out of Twitter and even worse my entire Dreamhost account (including domain names, e-mail addresses, and web sites) are in the hands of my hacker.

Catch 22

So Twitter will only respond to, which was associated with @ruby.  The hackers changed @ruby to @notrubyyo, and then deleted it. Who knows what address they have associated with the new @ruby account?

My Dreamhost account (which includes DNS) has been hacked and they are also not talking to me because I haven’t successfully proven who I am to them. (Only their customer of about 12 years.)  Their password reset only uses e-mail, no security questions or SMS back up.

Dreamhost are also much slower to respond when they think I’m not a customer so it’s taking forever to get anywhere, and they refuse to talk on the phone.

Dreamhost gives me the finger

After being a loyal customer for well over ten years, Dreamhost is apparently brushing me off like so much dandruff.  I can’t understand why they’re not concerned about a known malicious hacker having access to their web servers, DNS, e-mail servers, etc. 

As you have not provided the primary four digits of the account number in
question, I am unable to verify that this card is on file.

On Tue, 28 May 2013, you wrote:

> Hello? You stopped responding. I can’t express to you the level of
> additional damage that is possible while the hackers are in control of my
> web spaces and domain names!
> Would it be better to call? My number is XXX-XXX-XXXX.
> = Ruby

Unfortunately, due to documentation requirements, phone call back support
is unavailable for abuse and security related issues.

If you have any further questions regarding your DreamHost services,
submit a support request at any time.


Erik N.

And since I can’t get to my address at, Twitter (where I have been a user since 2006) won’t even talk to me. No concern at all about the loss of 17k tweets and 3k followers. When I get home I will tear up the house trying to find whatever freaking credit card I’ve had on my Dreamhost account forever.

Thank you, Apple. Twitter, not so much.

This morning I restored access to my Apple ID and locked out the hacker. I also got this from Twitter, just reinforcing that they do not give a shit about me (one of their first 1,000 users). 


Unfortunately, we need to communicate with you via the email address that has been associated with the original account. Please work with the email provider to secure your email account. I’ve just sent you another email to that email address.

Anyone can enter your username in this form and trigger a password reset: make it more difficult to trigger a password reset, you can enable the option ‘Require personal information to reset my password’ in your account settings under



Notice how there is not even any interest in my archive of tweets, nor my 3,000+ followers. And I have not heard back from Dreamhost, which is the main hurdle in getting access to my e-mail at