Twitter is in chaos.
The company has fired thousands of engineers (as well as thousands of contractors responsible for combating disinformation and malicious content).
Meanwhile, Twitter’s CISO and head of Trust & Safety resigned, and the chief privacy officer and chief compliance officer also left abruptly, along with other top executives within the company.
And what does the new owner of Twitter do?
Elon Musk’s strange behavior is scaring advertisers because his decisions allowed pranksters to impersonate big brands and post tweets that caused untold damage to businesses’ reputations and wiped billions of dollars off their market value.
A few weeks ago on the Smashing Security podcast, we talked about some of the problems with Twitter. Little did we know that things would go from bad to worse.
The latest Twitter fail? Musk’s ill-advised initiative to rid Twitter of “bloatware” apparently locked some users out of the site for a while, because SMS-based two-factor authentication was accidentally disabled.
It looks like someone was ordered to remove some code from Twitter without understanding the complexity of the Twitter system: a single change can have dependencies and consequences in many other parts of the site.
The only people likely to understand these connections and dependencies between Twitter’s systems, and to warn of the possible consequences, are the people Twitter has already fired. And even if they were still working at the company, chances are Twitter’s new boss wouldn’t listen to them.
So what does this mean for you if you’re a Twitter user? Well, I’m a Twitter user… and it bothers me.
Because while most of what I do on Twitter is public, I’ve had plenty of private direct message (DM) conversations in the nearly 15 years I’ve been a user of the site.
I don’t remember everything I said in those conversations or what people said to me.
If Twitter was careless enough to screw up how 2FA works for some of its users a few days ago, what mistake can they make next? If Twitter’s security experts have either been fired, quit, or—probably—are wondering where to go next, how safe is my information on Twitter?
The possibility that Twitter suffers a monumental security breach, or is simply hacked because it no longer has the expertise to protect itself, may be remote, but it’s a possibility. And it’s a much more likely one than it was before Elon Musk bought the company.
There is nothing I can do to make chaotic Twitter safer. But I can reduce the potential risk for me by deleting DMs.
I don’t need all those old DM chats. They can be deleted, and they should be deleted.
It’s a painstaking process (Twitter doesn’t give you an automated way to do this), but I’d rather delete them one by one than one day find them in the hands of a hacker or a disgruntled Twitter employee who goes rogue.
PS. You know what’s really gross? Deleting your Twitter DMs doesn’t actually stop Twitter from keeping a copy of your private messages without your knowledge, even if one day you close your account completely.
Some final thoughts:
- Encourage your Twitter friends to delete their DMs, too, so “both sides” of the conversation are deleted.
- Deleted messages should not be easily accessible to a hacker who compromises *your* account, even if Twitter doesn’t actually delete them behind the scenes.
- If Twitter keeps your private messages even after you request their deletion, is that a potentially (costly) GDPR violation?
- If you want to keep a permanent record of your DMs (and other Twitter activity), consider downloading your Twitter archive before you start deleting.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.