As anyone with a Facebook, Twitter, or Instagram account knows, privacy settings can be baffling. There’s a multitude of places to click, choices to make, and settings to turn on or off. It can be difficult to know how secure you are when using social media.
Complicating matters, some recent events have set off alarm bells for cybersecurity experts and individuals and businesses should be especially cautious. Twitter has been in the headlines almost daily since tech billionaire Elon Musk purchased the platform for $44 billion. Experts are concerned that the termination of approximately half of the workforce and the resignations of longtime security staff has made Twitter more vulnerable to fraud and privacy violations.
“They’re just wounded right now,” said Austin Berglas, a former FBI cybersecurity official who’s now a consultant at security firm BlueVoyant. “From a security perspective, it’s pretty dire. When you fire so many folks in the security department at once, and then you’ve got some senior brass leaving, it’s concerning.”
Berglas said the threats were likely to come from scammers and organized crime, as well as from hostile governments.
Ian Brown, a former senior engineering manager at Twitter, agreed. According to Brown, the lack of a fully staffed security team could lead to the site not functioning properly or users losing control of their accounts. “There are security vulnerabilities happening all the time,” he said.
Some people are pessimistic, predicting Twitter might go down. “Maybe Twitter doesn’t go down before every account has been pwned by a crypto scam,” Brown said. “Pwned” is slang for being hacked.
What’s At Risk?
Social media sites like Twitter store mountains of personal information, including email addresses, passwords, and unencrypted data inside their direct-message inboxes. Impersonations and hoaxes have increased in the past few weeks as the Twitter platform undergoes change.
Proofpoint, a company that tracks online fraud, said it had detected a significant increase in scammers operating on Twitter, including a scam to drain people of their savings. People have been receiving messages that are actually introductions for a scam that tries to convince people to invest in cryptocurrency.
Twitter recently rolled out its Twitter Blue verification service. Users can pay $8 a month for a verification badge. Many users who signed up changed their usernames and profile pictures to impersonate famous people and brands.
“You know, it’s comedy to see posts from George Washington, from Jesus, from ‘Elon’ himself allegedly, but at the same time it’s terrifying. Because how do you know what’s the truth?” said Marc Rogers, chief security officer of Q-Net Security. “At the end of the day, security staff is not just there to protect the user, although that’s like a critical part of it.”
In 2020, cryptocurrency scammers tricked Twitter employees into giving them access to key company controls. They took over many high-profile accounts on the site, forcing those accounts to post a request for bitcoin. Hackers also took control of an Associated Press account and sent a false tweet about explosions at the White House, causing a sudden drop in the stock market.
How to Protect Yourself
Experts are suggesting individuals or businesses who use social media take steps to increase their digital safety.
- Archive and preserve your posts by downloading your posts and private messages.
- Protect your account through multi-factor authentication.
- Reconsider using the “sign in with Twitter” feature. You don’t want to rely on Twitter as an “identity provider.” If you’re using this feature to access other sites you rely on, change to a standalone username and password.
- Delete old tweets and private messages.
- Don’t use social media sites for sharing sensitive information.
- Disable discoverability and location tracking.
Many of the social media recommendations apply to any online activity. As always, awareness and education are good first steps towards protecting your privacy. Privacy settings on social media sites aren’t failproof. Individuals and businesses can also protect their privacy by being careful about what they post.
“Whether it’s Facebook or Google or the other companies, that basic principle that users should be able to see and control information about them that they themselves have revealed to the companies is not baked into how the companies work,” said Eli Pariser, author and entrepreneur. “But it’s bigger than privacy. Privacy is about what you’re willing to reveal about yourself.”
Collier, Kevin and David Ingram. “Is it Safe to Use Twitter? Security Fears Rise After Elon Musk Drives Off Staff,” NBC News, November 11, 2022. https://www.nbcnews.com/tech/security/safe-use-twitter-security-fears-rise-elon-musk-drives-staff-rcna56864. Last accessed November 28, 2022.
“Beyond Twitter: Digital Safety Tips.” Access Now, November 23, 2022. https://www.accessnow.org/twitter-elon-musk-digital-safety-tips-resources/. Last accessed November 28, 2022.