Why do my online accounts keep getting banned?

Fidelity is the one to focus on immediately because it's the most serious-- by far-- and they have walk-in locations where a real account rep can help you. The downtown SF location near Market & 2nd has excellent staff in my experience.

Fidelity might turn up something about identity theft, or credit reports, or red flags, or similar. If so, you can handle these. If not, then ask a private investigator for help; a good PI has research tools to find problems then help you fix them.

Almost sounds like your email is compromised. Change password if you haven't done that in a while. You should also check the last account activity (gmail: https://support.google.com/mail/answer/45938?hl=en)

Make sure you are using MFA for any account which allows this. Don't re-use passwords, get a password manager like 1password or bit warden.

Fidelity is the worrisome one. Someone could be impersonating you.

- check your credit report for any suspicious activity

- if you are tmobile client(or network that uses tmobile underneath), check to see if your SSN and DL was leaked last year

Did you do all this from the same phones/computers? My guess is you've got a persistent virus that's dedicated to staying with you whilst waiting for a big payoff or just proxying crap through your devices.

With something this persistent I'd also be open the possibility someone in your life is hacking you (room-mate, colleague, someone left alone with your tech) or maybe a very specific app you install on everything is compromised.

I'd get rid of most the hardware you own and start a new digital life from a coffee-shop nearby.

Assuming you haven't done anything else my guess will be something like having an IP/phone number that has been blacklisted because of a prior owner, having your personal details used by a scammer (e.g. if you've had your ID lost and then returned), you accidentally share the details with a scammer or something in that vein.

Found this post[0] from same username as yours. Is your phone okay?

0: https://old.reddit.com/r/GooglePixel/comments/t2cuuu/help_pi...

If you use ProtonMail or any other "private" email provider that will be why. I've had so many accounts blocked, locked, banned, and so on just because I use ProtonMail without a custom domain. I use the premium domain now (pm.me) for important things that I can't afford to go wrong.

These companies have a list of things they check for and if your score reaches a threshold you'll just be automatically locked out. In a lot of cases support will be totally useless and unable to help. I've tried to buy things before and been locked out, then just didn't bother, so it's their loss too.

Some offenders I've come across:

  * Apple
  * Amazon
  * Ebay
  * Netlify
  * Patreon
  * Discord
  * Vercel (formerly ZEIT)
  * SpareRoom

If figuring out why your banned accounts are getting banned isn’t fruitful, you could take a look at the accounts that haven’t been banned yet and see if there is anything suspicious on them. Spam, weird login sessions, unknown IPs; asking site owners could work as well (eg you could ask hn@ycombinator whether there is anything weird about your account).

You could try checking on https://haveibeenpwned.com/ if anything appears in there - or maybe just google for you email / phone number and see if it pops up anywhere?

Maybe also try checking your IP against various geolocation sites, just in case one is returning something wrong, or searching for it - see if it pops up on any sites as 'bad'

First, I second all the people here who said "focus on Fidelity". Absolutely, you should forget all the others, Fidelity is the most serious. Not only because of the direct implications of your financial account there, but because "people talk" in the financial industry, so you could easily see problems arising with other financial companies.

Now, moving on. You explicitly mention "SMS verification failed" for two separate providers. This to me smells as if your number has ended up on some fraud list (this could well be the reason behind Lyft too).

Perhaps you have been subject to SIM cloning ? Perhaps share your concerns with your phone provider ? Maybe go as far as changing your number (but perhaps not until you've fixed Fidelity if your Fidelity account is linked to your phone number).

My first thought is that you have an enemy who is messing with your online accounts.

Try creating a new email, and do not give anyone that email, keep it secret. Use this email to sign up for all new accounts. It will be a laborious process, but it's worth a try. If you want to be super paranoid rule out remote access to your devices or computers too -- get a new phone and do everything on there.

My initial guess is that you have a virus on your PC that is acting as relay and keeps doing nefarious things from your IP. Or you have a neighbor that has hacked your wifi.

I'd unplug your router and then wipe your computer clean and change the password on your Wifi. Then plug in the router again and see if you get a new IP address. IF not, unplug it again and call your ISP and tell them the router is broken so they send you a new one, which hopefully will get a new IP. Oh and also you might need a new phone number as yours might be blacklisted now.

Then start making new accounts. In the meantime follow up with Fidelity because as a bank they have a legal duty to work with you and at least give you some clues as to what happened.

Google recently blocked my logins because apparently according to them I have a malware installed. They ask me for my password and I provide it but they are unable to "verify that it is me". I am running a fresh Linux Mint installation.

I use a randomly generated password with 30+ characters. If I can provide it then they should assume that it is me. This is what I get for using gmail.

Check your IP geolocation, there might be an error in the geolocation database.

A lot of amazing technical advise, but I'm going to give the other type. Do you live with anyone or have someone in your life that you might not have parted on good terms with that had access to your devices? I've seen a "supportive spouse" sabotaging their significant other to take control. Security is often about a technical quirk, but you might need to look at the people around you. It sucks, but sometimes its the problem.

I'd suggest a full online reboot:

* reinstall the OS on whatever desktop/laptop you use, don't install any browser plugins, get a pihole to help with ads.

* Buy some Yubi key or similar U2F token. Install authy or similar on your phone that supports TOTP and HOTP and allows for backups. Enable U2F or HOTP/TOTP on any site that supports it.

* Use bitwarden or something of similar capabilities (keepassx, bitwarden or similar functionality self hosted if you want). Keep notes on recovery codes, security questions, old passwords, data of account creation, which email to use for verification, etc. etc. etc. The more info the better when it comes to recovering the account. Always use a random answer to any security question, not anything easy to guess or discover about you.

* buy a new phone with a new phone number (keep the old if needed), ideally an IOS or Google Pixel, both of which have really good security and don't install random crapware from the cell provider or manufacturer. In particular avoid Samsung androids and the crapware they install from "partners" and cell providers.

* get a new online email address, use a strong password not shared with any other service. Enable 2FA, never use SMS for 2FA.

* Open a new credit card, set the notification threshold to $1.00 and have it email or SMS you any transactions. Use your new email account. Use said credit card online and offline.

* Create an account on an credit reporting/watching service like experian, watch for any fraudulent activity.

* for any new account use the new credit card, new email, turn on 2FA (not SMS), use a unique strong password, and keep notes in your password DB. The only connections to your previous existence should be your home address and name.

* Do not use your email address/account for posting apps to the Google or Apple stores, various automated scanning can trigger a violation that will impact your Apple or Google account associated with it.

> Lyft. Got a generic error when requesting a ride, which told me to contact support. I contacted support and they said my account was suspended due to violation of ToS with fradulent activity. I asked exactly what they think I did to violate ToS and they would not tell me. I've taken hundreds of 5-star rides, never comitted any fraud, I don't drive for Lyft or even know anyone who does. To this day I still don't know what I did "wrong."

My god, this happened to me last week as well!! Suddenly my Lyft account wouldn't let me book a ride, but provided no reason why in the app. When I contacted their support, I was escalated until a rep wrote back:

"After investigating the issue with our risk team, I'm unable to re-open your account. Legally, we cannot release any additional information except that we found your account to be violating our Terms of Service."

All follow-ups inquiries that I sent were ignored, so I ended up just deleting my Lyft account instead, because if they're going to be that Kafakesque, what's the point?

Still can't figure out what on my phone would have caused any issues, my phone setup is standard Android that is NOT rooted...

Google accounts that haven't been logged into for years are basically dead at this point as far as I can tell. I lost access to a ~10 year old account that I didn't log into for years.

With good (if unfortunate) reason; the vast majority of old accounts are made by normal people as throwaways and likely have weak passwords that appear in existing password dumps. There is no other verifiable information attached to Google accounts with which attackers can be differentiated from the original user aside from any login cookies residing on a device that logged in before, and old accounts likely have access to other accounts as the recovery email address which would let attackers gain additional access to other systems by harvesting old Gmail accounts.

Your phone number may be associated with fraud in some way. Think about the only identifiers you give to these companies; IP (which changed without fixing the problem), name, phone number, email address. It's going to be one or more of those signals.

Your IP probably got on a list of Bad People. Tech companies share a list of bad ips and they tend to silently block. The last thing they want to do is provide a failure feedback loop the bad guys can use to map their fraud and abuse detection system.

Is your Wi-Fi password nontrivial? Are you using WPA? Lock down your Wi-Fi and call your ISP to ask that they expire your dhcp lease or assign you a new static IP. (If that’s not possible switch isps. For example if you have ATT fiber you can switch to Sonic. The fiber is the same but the service is actually handled differently)

Less likely but still worth considering: Do do you reuse passwords? If you reuse passwords it’s possible someone is doing some fraud on your behalf. Check haveibeenpwned to see if a email address associated with your shared password has been leaked.

If you don’t already start using a password manager and use unique, nontrivial passwords for everything.

It's possible that your information is flagged in a third-party risk monitoring system that these companies all use. Perhaps something like ThreatMetrix, from LexisNexis. There are others that operate in this space as well.

As for how to fix it, I'm not entirely sure. Since you are located in California, you might make CCPA requests to retrieve and then delete all of your data from as many companies as possible.

The Google problem is "normal", in my experience. If you're trying to access an inactive account, Google will almost always insist on a second factor (verification via secondary email account, phone number, etc). If you haven't configured any of that, getting access to the account becomes almost impossible. Even if you have the password.

How often do you change your password? Do you share passwords across services?

Does your email show up on haveibeenpwned?

The only thing I can think about, are bots doing credential stuffing and successfully inputting your password

The common factor with seemingly all of those accounts is a mobile number. That seems to be the only thing that really connects them all together.

Maybe there is something/someone doing something bad on your network, and every time one of your accounts logs in from the same IP they get associated with your phone number,browser fingerprint, and whatever other identifiable info they have about you.

When was the last time you updated your router firmware or changed your wifi password?

Is it possible your name or email address could be getting caught up in filters as a bad word or associated with something these businesses are against?

It seems very odd that this keeps happening over years, I'm really curious if some people from the companies mentioned will read this, and figure out what they have in common.

Being on HN has shown me one thing, when your accounts get locked or banned (and they will), the only way to get them reopened is to have a REALLY HUGE MEGAPHONE.

That means you either need a social media account with thousands of followers, or manage to write your story up in a way that will get you to the top of a major news source, such as HN.

Go get one of your annual free credit reports and read it carefully.

Easy questions:

What email provider are you using?

What telecom provider are you using for phone / internet?

Have you pickup up a new number in the last few years?

Is your internet shared with others?

Is your router a google wifi or similar updated router (or ISP provided)?

Any old computers on network?

When did you last run your credit?

Any changes in address overlap with this issue? In stone ages I used to have debt collectors literally coming to my door because of previous tenants. Also cops etc etc coming through. I only stayed there a few months, that address would have been trouble today I suspect.

Have you done any chargebacks in the last 2-3 years?

Something is almost certainly triggering a fraud detection system.

Check out datavisor for an example of how these things work.

https://www.datavisor.com/industry-solutions/marketplaces-ol...

False positive rates run 0.5% - 1% if folks are aggressive on these systems.

Fidelity might talk to you, but my guess is something backend is flagging, and no one on the front end will have a clue what its actually using to flag.

There's a number of theories stated here but I'd definitely highlight the idea that you've become interesting to law enforcement for one of a number of reasons. This pattern looks like ones experienced by sex workers, being banned from various services because the verification phone numbers are the same as those of a known Sex Work account. Once you match a pattern, the blocking and banning are very aggressive.

So some possibilities:

* your name is the same or very close to a target you don't know at all/have nothing to do with.

* you're working in an industry target by federal law enforcement. Big ones here would be sex work, cannabis, or political liberation

* Someone is repeatedly using your identity for something sinister. If this is a repeated pattern (which it sounds like), then it would make sense if that person is a close friend or family member. - Almost any time some is the victim of identity theft more than twice it turns out it's their partner or parent.

I'm surprised by all the people here thinking your device is compromised. This is my experience with the Internet nowadays as well; a friend complained about it today also.

The emptier the account the quicker you are banned as well (work accounts used every now and then during work hours, like twitter, are banned quicker than a private account that you login to regularly and share more things on). Old accounts are usually unaffected for me. Probably removing cookies/localStorage/etc. on a schedule doesn't help either.

Every new account on a popular service where you can interact with others is like this. It's like everyone saw what google did to gmail, saw nobody cared about the collateral damage, and figured we can all fight spam without any human intervention. In the past we didn't have this problem because it was humans that looked at posts from new members. Innocent small Internet I guess.

If you're using the same email address across all these, it might be something in the email address that's setting these off. Companies do periodically scan email addresses to remove accounts they think are malicious or do not represent an active user.

I had an email *junk*@gmail and it was sometimes flagged.

Are you repeating your passwords? Are they getting hacked from obscure locations. Do you use password manager? Is your email very specifically suspicious - I don’t know some keyword triggering these. Do you have any accounts that aren’t banned? - just a lurker here. Not industry insider.

I'd take whatever cell phone number you're using, and run it through https://www.twilio.com/lookup (https://www.twilio.com/docs/lookup/tutorials/carrier-and-cal..., specifically) to see if for whatever reason, you aren't showing up as your carrier and a mobile phone type.

Services that once let me use my Google Voice number, for example, locked me out until I could pass verification with a "real" mobile number over the years.

Sounds like your phone number is probably banned and someone in the past with that phone number had abused it for spam or something.

If this had happened to me I would be thinking the wifi/router had been hacked and someone was doing evil things with the connection/bandwidth.

BTW that google problem happens to every old account before they required phone number backup.

This doesn't happen to most people so you have a clear personal identity problem. Maybe your name is on a list (when I worked at a brokerage, we had to do identity screens and close accounts if someone was on some sort of international security list... I wasn't a member of compliance so I don't know the full details). Possibly your identity has been stolen and is being misused. Or maybe it is just one specific rogue email account that you are using that is causing you problems. I would recommend reaching out to customer service at some of these companies, possibly Fidelity first as they are a financial institution with strict requirements and might be able to tell you most directly what your problem is. You should probably also make an attempt to check / lock down your credit and any other important accounts you have.

Do you use the exact same email address across all these services? Try it with unique addresses (e.g. lopkeny12ko+lyft@gmail.com) for each... or instead of 'lyft' something harder to guess. Maybe someone is messing with you and this would make it more difficult/impossible.

Something common is affecting it - do you use your own domain for email? Is anything associated with that domain pointing at a "spammy" or "scammy" site? Switch to a provider like gmail perhaps?

Is your email or phone number used for anything besides personal activities? If your "work" is polluting your email, it may be getting caught on that.

You could try a new email that you never access from your phone, but if it is your phone number that is triggering it, that may not help.

The SMS never arriving is suspicious - are you on a major provider with a normal US phone number, or is it some other setup?

Anti-fraud systems at most companies are pretty simplistic. Most of these companies will have a bunch of 'indicators' of possible fraud (eg. account is <24 hours old, phone number country doesn't match IP country, email address isn't gmail/hotmail/yahoo/aol, customer does not have cookies from last login, customer name does not match credit card name, name and DOB not found on equifax, etc.)

If you trip too many indicators, your account will be banned.

'Privacy conscious' people tend to get caught up in these anti-fraud systems.

These are all different problems with different causes, aren't they?

Could it not be confirmation bias? I mean, if you have enough accounts you will have a list of accounts where you have trouble like this.

The only things I can think of are: are you using a low-cost VPN service, a Chinese or Russian free email account, or a free SMS number service?

(There are some good suggestions below re: FOSTA/SESTA and matching the experience of known sex workers, but I don't know if most US firms are consulting some master list here)

Are you reusing the same email/password with these accounts?

How many times have you issued chargebacks on your credit cards?

If your IPv4 is shared, it might be because of the other users doing bad things on the same IP.

If you have a compromised device on your network, it might be being used as a proxy to attempt logins, or for other uses as a "residential proxy": https://datadome.co/bot-detection/how-proxy-providers-get-re...

When I started reading this, I anticipated both Instagram and Google. They’re both notorious in banning accounts, and there’s nothing you can do (except maybe get useless template responses in the case of Instagram).

It seems like your phone number is the main problem here. It’s tainted and is on some very bad lists. You should get a new number (or two) and transition over. It may also be helpful to get new phones and set them up afresh as much as possible.

Have you created accounts with any of the big three credit reporting agencies (Equifax, Experian, TransUnion)? Or with Chex Systems?

These will let you run reports against your identity to see if any information has been compromised and used fraudulently.

The big three have to let you do one free credit report per year, which is a quick way to see if any new accounts were opened. Chex Systems has the same thing, but for bank accounts.

Many of the services mentioned are generally no reliable partners and should not be relied upon.

My guess would be malware infected devices or someone having your credentials (Do you use a new random password for each sevice?) or is making similar accounts and you are being targetted by measures taken against such actors.

For many of those services they would rather sacrifice a few via false positives, than spend more money to solve.

Do you reuse the same password or password pattern across multiple services? If not, do you store your passwords in a reputable password manager, or are they in a location such as a text file?

Have you had any other indications that your identity may have been stolen? Do you receive massive influxes of spam emails--thousands of messages at a time? Odd letters via snail mail?

Google did the same to me. Never had the chance to get my box back :( Never ever shall I trust any of those shady services with my private data! For more google hell look here: https://news.ycombinator.com/item?id=30060405#30077431

My guess is your email address is in a database of breached passwords and low-profile hackers are using this database to perform brute force attacks frequently triggering some kind of account banning to avoid performance impact on the platforms.

Try creating a new email and register again in the services you are banned and wait and see what happens.

I can use Twitter and Facebook only in a throwaway matter. I don't own a phone number so I have to rent one for an account. Then it usually doesn't take long until some blocking mechanism kicks in and I can start from scratch.

It's kinda frustrating, but on the other side it makes it more simple to avoid.

Sounds like the most likely common element is phone number. You could have been the victim of a SIM swap attack, where the bad actor used your number to do BadStuff(TM) getting your number on a block list. Or, if you got the number recently, it could have a bad reputation attached to it.

Is it possible your card infos have been leaked anywhere?

My only thought would be that your card is on the darkweb and these services are seeing it tested using their systems, blacklisting it and related accounts

Pure guess though, I can’t think of much more that would affect you across services like that

Possibly a compromised account (most likely email), or you ended up getting a blacklisted IP from your residential ISP that someone else previously used for nefarious reasons. Sometimes it's an unfortunate combination of the above, along with using an adblocker.

It's very unlikely all these web services have fingerprinted your device. More likely it has something todo with your information. If the service is not willing to help you out I suggest using an alternative service, or if possible signup with fake information.

Check if someone with a similar name to you is on the OFAC SDN list (a list of people that US companies are banned from interacting with):

https://sanctionssearch.ofac.treas.gov/

Someone might have access to your emails and is committing fraud on your accounts.

Whatever the outcome, it would be nice if you posted back with your discoveries.

Probably someone hosting, or used to host a tor node (or worse) on your IP.

Maybe: - Password manager compromised - Personal details - mobile, email, flagged with third party fraud checker - IP flagged (access via vpn, same network something happening)

This happens to me a lot I blame my vpn. Has your identity been stolen? It seems every one things you are committing fraud maybe some on in your name is.

You're in the U.S. but you used the term, "bog-standard" which is typically British. Questions and I apologize in advance if they're sensitive. I don't really expect you to answer them publicly, but maybe they give you some food for though.

1. What is your nationality?

2. Are you on the OFAC list? Do you have a common name that might be on that list?

3. Are you on the SDN list? Do you have a common name that might be on that list?

4. Do you have an average+ credit score? (About 720+)

5. Any possibility you have a virus or other malware on your Mac?

Have you ever done a charge back for an online purchase? You card or ip may be flagged as a person who does charge backs.

Is your phone number from one a traditional telephone companies (Verizon, AT&T, etc…) or from a VOIP based service?

You mentioned a residential ISP. You don't mention phone service provider.

If VoIP, someone might be spoofing your phone number.

Replace your router and buy the new router from a brick and mortar. Don’t trust any of your existing hardware.

There are various sites that can check if your IP address is on any blacklists, might be worth a look.

Are you a Russian oligarch? Jokes aside. What are ISP are you using for internet? No nord vpn right?

Could it be that your phone was backdoored, used to register fake accounts and banned as a result?

Since you live in San Francisco, a number of companies (I know for sure Facebook and Google) have ways where you know somone who works at that company, and who can vouch for you, they can help you get control back to an account that has been lost or taken over by someone malicious. Maybe you know someone at those companies? The companies themselves generally don't advertise this, because it obviously doesn't scale, and they'd be concerned with people who try to strike up a "friendship" with an employee just so they can backdoor access to an account --- this is something that can be used as a security attack vector as well! (So it works best for, "I've known this person for the last X years, and last month they completely lost control over their account. I can say for sure they are who they say they are and not a conman or a state-sponsored intelligence agent." sort of thing.)

Other than that, what I try to tell everyone to use 2FA authentication, and not just SMS text messages or TOTP's, but FIDO Security Keys to protect your digital identity. Never reuse passwords and use a password manager, yadda, yadda, yadda.

Your name might be on a shared corporate or government blacklist?

I'd be terrified I was some sort of US government list...

do you have a rooted or jailbroken phone?

Some apps will attempt to detect this and then implement restrictions on accounts associated with jailbroken devices.

maybe you have some russian ancestry ...

likely your ip is in a flagged zone that your isp purchased.

i had to call schwab to get them to allow me to login.

Sounds like a SAR filing to me. You can look that up--they won't tell you about it if you ask. It's a Patriot Act thing.

Just a tip, check haveibeenpwned

If you are an european user you might probably ask for your data under the GDPR law, that might include the reason for account termination.

Otherwise... Dunno.

Because someone is most likely using your dynamic IP address, aka the ISP you are on is possibly hosting a TOR node or perhaps spammers using your IP. I'd contact your ISP.

I'd be very interested to get a follow up on this, and what you found out.

oh hey someone is getting hacked on hacker news.