LAST Wednesday, my blue-tick verified account on X, with 93,400 followers, was hacked and taken over by scammers. What happened next was arguably even more alarming: despite reporting the breach immediately and providing proof of my identity, X refused to act, allowing the account to be used to target others.
This is not just a personal story. It exposes a serious failure in the platform’s ability, or willingness, to protect its users, even those paying for verification.
The moment I lost control
At around 3pm on March 18, I was actively using X on my mobile phone when the app suddenly stopped and presented me with a login screen. I was asked to re-enter my username and password. Assuming this was routine, I did so. My password was rejected. Within seconds, I realised I had lost access to my account.
Ten minutes later, a friend alerted me that my account was already posting an obvious cryptocurrency scam.
Immediate report, immediate rejection
I reported the hack straight away using X’s official web support system. The response I received was extraordinary: they said they could not assist further because they were unable to verify my identity, even though the account is blue-tick verified with 93,400 followers.
Meanwhile, the attackers had already taken steps to lock me out completely.
Locked out while criminals took over
I later discovered that the hackers had changed the email address associated with my account, which was my old university email address. A message from X, timestamped 15:03, confirmed the change.
I submitted multiple follow-up requests to X from both my primary email and the original university address. I also provided clear proof of identity, including a copy of my passport. I received no response.
From public scam to private exploitation
For the first two days, the attackers did nothing to my account other than leaving up the post with the cryptocurrency scam. Then things got much more serious.
On Friday evening, March 20, I was alerted that the scammers had removed the public post, so that anyone visiting my profile would see only my normal content. At the same time, they began sending direct messages from my account to people I follow and who follow me.
These messages asked recipients to ‘vote for me’ via a malicious link, a phishing attempt designed to scam others. (Steve Kirsh has published an article about this.)
X allowed this to continue
At no point did X suspend or even temporarily restrict my account, despite having been notified immediately that it had been compromised.
Many friends who have very large verified accounts (for example, Leilani Dowding) posted messages alerting X_support to the problem, but these were also ignored.
The platform effectively allowed criminals to continue operating under my identity, targeting my network, while ignoring repeated warnings and evidence.
I find this shocking. At the very least, X could have blocked the account while the situation was investigated. Instead, it remained fully active in the hands of scammers.
How it may have happened
A few days before the hack, I had received a message via WhatsApp that appeared to come from Laura Perrins, who has since posted an article about how she was hacked. It asked me to vote for her via a link.
The link led to a page that looked like an X login screen. I entered my credentials but quickly realised it was likely a scam and immediately changed my password.
In hindsight, it is possible that my account had already been compromised or flagged as a target at that point.
A wider warning
This incident raises serious concerns about the security of X accounts, particularly those that are verified and paid for. Blue-tick verification is supposed to signal authenticity and trust. In my case, it provided no protection at all.
More worryingly, the platform’s failure to act did not just affect me, it potentially exposed many others to scams carried out in my name.
If this can happen to a high-profile, verified account, and the platform still refuses to intervene, it raises an urgent question: who exactly is being protected? The damage is not just technical, it is reputational and professional. Many of the people I follow, including highly influential individuals who also follow me, have received scam messages appearing to come directly from my account. There is no guarantee they will realise these messages were not genuinely from me.
At the same time, I have been completely cut off from a platform I rely on professionally. I used my account to promote my last book in 2024 and was about to begin publicising my next to my 93,400 followers when this happened. That opportunity has now been derailed, and the credibility of the account itself may be permanently compromised. Years spent building a trusted audience have, in effect, been handed over to scammers, who it seems are currently getting more practical support from X than I am.
This article appeared in Where are the numbers? on March 21, 2026, and is republished by kind permission.
