I Got Banned From X This Past Week. That’s Not the Only Strange Thing Happening on My Accounts.

I’ll admit it— I am kind of addicted to X (formerly known as Twitter). Anyone who followed my account knows that I have a tab open on the site at almost all times. When I’m not promoting my work or sharing my opinions on current events, I’m constantly hitting the retweet button on almost anything I find worth sharing, from old-school F1 discourse to stupid viral realizations that get a chuckle out of me.

That second category was my last retweet before everything went sideways.

On Wednesday, December 31, 2025, my X account got suspended.

It took me some time to realize what had happened. I woke up, made breakfast, got dressed— my usual routine, all while being none the wiser.

But then, I opened the app while I was at work. I noticed that both my “followers” and “following” had dropped to zero. While I was shocked, I initially shrugged it off. Maybe the app was glitching? It wouldn’t be the first time that happened.

But the longer I stared at it, the more obvious it became: I got banned from the website.

The specific reason X gave me was “inauthentic activity”— or to put it in simpler terms, behavior they classify as automated or deceptive. They didn’t offer a more detailed explanation, or even examples of tweets where I showed such “inauthentic activity”. All I got was an email saying “your account did this, and now you’re suspended. Good luck!”

Of course, I submitted an appeal almost immediately. I argued that I am a real person, I post manually, and I have an established posting pattern. As of this writing, I have not received a response.

But here’s what matters more than the ban itself: This is just the latest in a series of weird happenings on my social media accounts. None were completely catastrophic on their own, but it was consistent enough to feel like a pattern.

Let’s flash back to early December, when my main YouTube channel got hacked and deleted for a day, and the events leading up to it.

I’ll preface this section by saying this is partly on me for not recognizing the signs of a scam.

In late November, I received what looked like a fairly standard creator outreach message. Someone claiming to be affiliated with a major YouTube channel contacted me, asking if I wanted to take part in a special project. I won’t name the channel here as the actual channel they claimed to represent is innocent in all this, and had nothing to do with what followed.

They used the identity of a channel with a significant enough following for me to assume everything was above board. Their YouTube channel is even LINKED to the X account that reached out to me. There was nothing about the account that suggested it was fraudulent.

We discussed what exactly I would be doing for the project, and how I would get compensated and credited in return. They never asked for my password, account information, or anything that could set off a red flag in my head as “scam”. But here’s the thing— I didn’t know how different modern account takeovers look compared to the scams most of us are warned about.

The account told me that I would be signing my contract through a Windows-only “contract viewer”, a special app I would have to download and execute because, as it was explained to me, the software was sponsoring the series. This didn’t register immediately as I was visiting family at the time, and again, this seemed normal.

That context matters. I wasn’t at my usual workspace, interacting with family friends I don’t see very often. Nothing about the request suggested urgency, and I was none the wiser. Besides, sponsorships are common for content creators, and special software for secure materials isn’t all that uncommon.

In fact, the setup almost worked in its favor. The extra step read as a sign of a “real” operation rather than a shortcut. Scams are supposed to be crude. This felt procedural.

What I didn’t understand then is that the sophistication is the point. Modern takeovers don’t need you to make a dramatic mistake. They only need you to behave normally once. And that was my mistake.

According to the internet, I was the victim of a session hijacking attack, also called a token theft. That’s when a hacker uses malware to gain access to your session tokens on a browser, the thing websites use to remember that you’re already authenticated. Within minutes, I was booted from my YouTube account, with all of my multi-factor authentication methods suddenly changed. By the time I understood what was happening, I was watching over 15 years of work disappear in real-time.

The hackers moved cast once they had my account. They used my channel to livestream a cryptocurrency scam, which is common for these takeovers. That stream was enough to trigger YouTube’s automated moderation systems, which flagged the channel for harmful and dangerous content and terminated it. Of course, my viewers know me well and immediately assumed something was up. I told them as such, and that I contacted YouTube directly to regain access.

Fortunately, that only took a day since Google was able to quickly confirm that my account had been compromised. My account hasn’t had any similar violations, I had a clear paper trail detailing what happened, and I acted quickly enough to keep it from getting worse. I regained access, reset my password, and restored my MFA. The only downside was that some of my videos got new copyright flags that I had to resolve. That should have been the end of it.

It wasn’t.

Later that month, friends in my Discord server alerted me that I was mass-messaging them, you guessed it, another cryptocurrency scam. It was weird, since I wasn’t logged out at all. I still had account access, Nitro Classic, everything. From my side, nothing looked obviously wrong.

At the time, I chalked it up to a brief compromise tied to the earlier breach. Annoying, stressful, but contained once I logged out of all my sessions and reset my password. Another fire put out— no problem.

And then there was Twitter.

Twitter never fully crossed into sending scam DMs from my account, but it got close enough to set off alarm bells. My account suddenly became private, and my profile name and description changed. Not in a way that screamed “crypto bot,” but in a way that clearly wasn’t me. I changed everything back to the best of my abilities, warned X Premium my account got compromised, and thought it was all over.

But days later, the suspension hit. What frustrates me is not that X has rules— every platform does, whether you like them ot not. Instead, what frustrates me is how opaque those rules become once you’re on the wrong side of them. “Inauthentic activity” is a catch-all term. It doesn’t tell you what action triggered the ban, all it does is say it happened.

This is where the story loops back to the beginning. I wrote an appeal to X saying I’m a real person with a real history. I haven’t heard back as of now. Maybe I will. Maybe I won’t.

What matters more than whether I get the account back is what this chain of events revealed.

On their own, none of these incidents seem catastrophic. A hacked YouTube channel gets restored. A Discord scare is contained. A Twitter suspension may or may not be reversed. But together, they show how fragile our digital identities really are once automated systems decide something about you has changed.

I didn’t suddenly become “inauthentic.” One account was compromised, and the fallout rippled outward. Automated systems don’t understand context. They understand patterns, and once your pattern breaks, even briefly, you’re stuck trying to prove you’re still yourself.

I did what we’re all told to do. Strong passwords. Multi-factor authentication. Vigilance. And it still only took one executable, run once, at the wrong moment, to trigger weeks of cleanup and uncertainty. I just consider myself lucky that the malware ran on a computer I barely use, with a browser that only has a small handful of my logins.

And, I guess if there’s anything to take away from this, it’s simple: if something feels off, even if it looks professional, stop. Ask questions. Do your research before you agree to anything. Don’t repeat my mistakes.

Best,

-F