
Removed From Every Project After Reporting a Platform Security Incident
Posting here because support has not resolved this after nearly a month.
Before I start, I want to address the admins of this space: I am not posting this to cause trouble. There is nothing unprofessional, disrespectful, or hostile. This is a civil and respectful plea for help. Help get me mback on projects and as you'll see, help Handshake avoid proxy-tasking which hurts taskers who most of the time are unable to task because there just aren't enough in soe projects. So, I thought I was doing your platform a favor. As you'll see, I DID your platform a favor.
I was not asked to submit a threat intel report on a foreign national soliciting me for a proxy tasking scheme. I didn't even have to report it!
I took time, out of my busy schedule, to draft a NIST compliant report to just help out the platform. I didn't ask for anything in return nor was I expecting anything except maye, "Thanks, we're looking into it".
I never thought I'd be removed from all projects at once for supplying this info.
I chose not to post in support because I have already opened or responded to close to 20 tickets, and the ticket process has not resolved the issue.
I have been meticulous about redacting sensitive information. Names, emails, links, attachment tokens, PII, and anything that could unnecessarily expose other fellows or private individuals have been removed from my public report.
You can move this to support, but I believe the community needs to see this. Not to stir up trouble, but to protect themselves and their ways of generating income for themselves and their families. If you remove this post you'll be actively hurting your Fellows 100%. That's not my opinion. I'm living proof as you'll see. Everything stated or claimed is backed up by documentation. As a Cybersecurity professional, I'm a meticulous record keeper by default. If you want proof of anything. Just ask, however, Handshake has copies of everything I'm sharing.
This is the factual timeline in my own words.
The Incident
I submitted a good-faith platform abuse report involving a Slack user soliciting verified AI tasking contributors to provide platform accounts, allow remote access through AnyDesk, bypass IP/location safeguards, route payments through the verified account holder, and split proceeds. The solicitation referenced AI tasking platforms and appeared consistent with account proxying, tasking by proxy, payment pass-through, and IP evasion.
I immediately notified the platforms where I contribute, including Handshake AI.
To be explicit and unambiguous just as I was with the 10+ support tickets:
- I did not provide credentials.
- I did not provide MFA codes.
- I did not provide remote access or AnyDesk access.
- I did not provide payment information.
- I did not provide task materials, rubrics, internal information, or platform access.
- I did not allow anyone to use my account.
What I did do:
- Reported the issue.
- Preserved evidence.
- Documented actor behavior, TTPs, IoCs, screenshots, and platform references.
- Documented my own non-participation.
The result: Handshake removed me from every project, routed me into an “irregular activity” review, and began asking for identity/credential documents like transcripts, diplomas, institutional letters, portfolios, etc.
That does not answer the security question.
I already passed webcam-based physical identity verification.
A transcript is not a substitute for telemetry.
If Handshake believes there was account misuse, the relevant evidence should be telemetry: login events, session events, IP/device anomalies, payout changes, task-submission behavior, project-access events, credential-sharing indicators, remote-access artifacts, account-linkage signals, timestamps, policy basis, and a human-review decision.
Handshake has no normal tasking telemetry from me since removing me from all projects, other than my interactions with support, login attempts, dashboard access, and identity re-verification.
Economic Harm
This has caused real economic harm. I won't go into detail but let's just say, this really hurt me and my family.
I was removed from all projects while already experiencing financial hardship due to an unrelated VA benefits administrative error. Losing access to paid tasking work potentially cost me thousands of dollars in lost opportunity after I came forward with information that could have helped protect the platform and other fellows.
Support History
- Ticket #2237865: Original threat report: “Solicitation to Share Platform Accounts for Financial Gain.”
- Ticket #2237865 follow-up: I clarified that my account was secure and that I had not shared credentials, MFA, remote access, payment information, task materials, or platform access.
- Ticket #2258712: Request for account history review and offboarding after I was removed from projects.
- Ticket #2258712 update: Handshake stated there was “irregular activity” on my profile and requested additional identity/credential documentation.
- Account block/dashboard issue thread: I reported that my dashboard and project access were blocked or impaired.
- June 21 support requests: Multiple support acknowledgments were opened or routed while the underlying issue remained unresolved.
- June 23 follow-up on #2237865: I again stated that I had reverified myself and that my account/data were not compromised.
I also submitted the same underlying report to another AI tasking platform. Their response was to
Thank me,
treat it as a fraud, investigations, and platform abuse issue,
thank me again for doing such a "Deep Dive" into the scheme,
forwarded it to the appropriate team.
Same reporter. Same facts. Same solicitation. Same documentation. Completely different handling.
Ongoing Platform-Integrity Concern
There is also an ongoing platform-integrity concern: I am still in the Slack workspace where the solicitation occurred, and there appear to be approximately twelve Handshake fellows in that same workspace. They may not even know they are present in a workspace being used for account-proxying solicitation.
I have not contacted them, named them, warned them, or interfered because I do not want to create confusion or disrupt any legitimate investigation.
But this raises a basic question:
If presence in that Slack workspace is “irregular activity,” what is Handshake doing about the other fellows there?
If presence in that Slack workspace is not evidence of wrongdoing, why was I, the person who reported the activity, removed from projects and placed under review?
Why I Recognized the Pattern
This is what I do outside of tasking. I have a B.S. in Computer Science with a cybersecurity concentration. I am currently in George Mason University’s M.S. Digital Forensics program with a concentration in Reverse Malware Engineering and Penetration Testing. I am also a TA/mentor with the U.S. Cyber Challenge / Center for Internet Security cyber camp program, supporting digital forensics, malware analysis, incident response, and cybersecurity training.
George Mason also published an article about my 48-day hardened Cowrie honeypot project here:
https://www.gmu.edu/news/2025-12/george-mason-student-project-presents-sticky-situation-hackers
That project is also the basis of a research paper currently in the publication process, and George Mason’s Director of the Digital Forensics master’s program requested permission to incorporate the work into the DFOR curriculum.
So this is not a case of a random fellow misunderstanding a suspicious message. I recognized a platform-abuse pattern, preserved evidence, separated facts from assumptions, documented non-participation, and reported through the proper channels.
The result was project removal, income loss, and an unexplained “irregular activity” classification.
That creates a chilling effect. If fellows learn that reporting platform abuse can result in project removal and income loss, they will stop reporting platform abuse.
At this point, I am asking Handshake to do one of the following:
- Restore my project access if there is no evidence of policy violation or account misuse.
- Provide the specific telemetry, timestamp, account event, and policy basis supporting the “irregular activity” classification.
- Provide written confirmation that reinstatement is refused and identify the specific reason.
- Formally offboard me and preserve all records related to this matter.
I am also requesting preservation of correspondence, ticket history, routing records, automated classifications, risk flags, project-removal events, account-review records, dashboard status changes, identity-verification records, login/session telemetry, IP/device telemetry, payout telemetry, task-submission telemetry, and decision records associated with my account and the related tickets.
Support automation has already acknowledged that my points are valid: the identity-document request appears misaligned, the request for telemetry is reasonable, penalizing good-faith reporters creates a chilling effect, the economic impact matters, the comparison with another platform is relevant, and preserving evidence aligns with incident-response best practices.
That is the disconnect.
Handshake’s support automation can summarize the issue. The actual account-review process still has not answered it.
Answer the telemetry question, restore access, or provide written closure.
My Conversation with HandshakeAI support bot for the 24th times
My Sanitized Threat intel Report Scrubbed of other company names , PII, or sensitive data 1-4
My Sanitized Threat intel Report Scrubbed of other company names , PII, or sensitive data 5-6