It could be the staff, but then again, it's very unlikely if it was someone doing its thing through social media. In most cases staff running the social media department don't have any access to user accounts.

The only thing they can do from there is provide basic level information support, which more often than not is useless drivel for those in need of support. Did you share any precious account details with them?

Are you using the same email with the same password for multiple sites and services? It could be that there was a database hack somewhere and they now have your details. Just in case change all your passwords.