While the Elon Musk-headed Twitter is tinkering around with its feature set and planning to make changes in its algorithmic recommendations to expand its content base, apart from purging the bot accounts, its data security is going downhill.
Data from over 5 million Twitter users were posted on a hacking forum for free. This act exploited the social media platform’s API vulnerability. In July 2022, theft data of around 5.4 million users were sold for USD 30,000.
BleepingComputer even claimed that in addition to these 5.4 million datasets, the hacker managed to access data for another 1.4 million suspended Twitter profiles. These datasets mostly consisted of the users’ mobile numbers and email ids.
Also, as per Statista, from October 27 to November 1, some 877,000 users deactivated their Twitter profiles, while Mastodon, a federated social network has seen a membership rise of over a million users in November alone.
While these users thought deleting their profiles would be a good way to punish Elon Musk, as per experts, the move poses greater risks, especially after repeated data thefts. Instead, they believe, deleting direct messages on Twitter should be the way ahead.
After Elon Musk’s takeover, Twitter has fired their staffers indiscriminately, including the engineers and senior executives overseeing security and safety issues. Security analyst Graham Cluley believes that apart from such blanket staff layoffs, the Tesla CEO’s desire of ripping out a “huge chunk of the micro-blogging platform’s codebase” is leaving the user base at severe risk of coming under data thefts.
He also cited the incident of Twitter accidentally deactivating its SMS-based two-factor authentication (2FA) amid its internal chaos.
“If Twitter is careless enough to break how 2FA works for some of its users a few days ago, what mistake might they make next?” Graham Cluley said in his blog. The feature he is talking about gives users an enhanced layer of protection against hacking attempts.
“If Twitter’s security experts have either been fired, have quit, or – presumably – are wondering where they should go next, then just how safe is my data on Twitter?”, the expert remarked, while expressing fears that the micro-blogging platform no longer has the expertise to deal with a data theft attack, thanks to its random firing of employees.
“It may be a remote possibility that Twitter will have a monumental security screw-up or suffer a hack that it simply doesn’t have the expertise to protect against, but it is a possibility. And it’s a possibility that seems more probable today than before Elon Musk bought the company,” Graham Cluley said.
He suggested that Twitter users take control of their data security by deleting the DMs (Direct Messages) made from their accounts. These DMs contain sensitive information and these messages can be deleted one at a time, by clicking the three dots menu next to each conversation in the Twitter web interface.
While experts are trying to find out a credible long-term solution, which can be used by the customer to protect his/her data, Elon Musk is now planning to add encrypted DMs to the new USD 8-per-month Twitter Blue subscription package. Now, deleting accounts abruptly can harm users as scammers, and trolls can use those abandoned user names to spread misinformation or commit fraud.
All they will be required is a recognized username, along with an amount of USD 8, paying which the blue checkmark (which used to be a sign of meaningful user verification till a couple of months back), will be given from the micro-blogging platform. Elon Musk and Tesla both saw their ‘verified’ troll accounts wreak havoc on Twitter recently.
Now, the existing users can either go for measure one, blocking their followers and deleting their tweets, DMs, and accounts, or the second option of keeping a private Twitter account and having the control to decide who can follow them.
Now understand this scenario, you deactivate your Twitter account. After 30 days, your account gets deleted, and tweets get erased. However, you have ‘relinquished’ your claim over your username and now anyone can use that. Under the new verification methods (once it kicks in), the trolls or cybercriminals can use the leeway to operate under your ‘relinquished’ user name. They can even get themselves verified with a “Blue Check”.
These criminal elements will be indulging in identity impersonation and committing illegal activities under your name. So, instead of deleting your existing account, just lock it down, as part of leaving the micro-blogging platform.
Steps That Will Ensure Safe Departure From Twitter
First, delete your tweets one by one. However, even if you don’t perform this action, it will anyways happen 30 days after the account gets deactivated. Or use “Tweet Deleter” to cleanse your account. All you need to do is sign in to the service with your Twitter credentials, following which, your tweets and even likes on them will get deleted. Tweet Deleter will then save these deleted tweets in its app.
After that, go to Twitter’s “Settings and Privacy” tab. From there, click on the “Privacy and Safety” button, following which you can go to the “Audience and Tagging” option. From there, choose “Protect your tweets.” In case you have any more public information left on your account, privatize it to prevent non-followers from seeing those data.
Then, go to your profile, click “Edit Profile” to delete any personal information in your bio, and remove your photo from your profile picture. Don’t forget to change your password as well.
Then click the “more” icon in the navigation bar, followed by “Settings and Support”, and from there “Settings and Privacy”. After that, select “Your Account”. From there, download a data archive to store your account information.
During this procedure, you will be either asked to enter your Twitter password or a code will be sent to your email/phone number to complete the verification process. Click the “Request Data” button then. Twitter will send email/push notifications to you. When your download is ready, Twitter will send an email to your connected email account or push notification. After getting the mail/notification, click the “Download” button while logged in to your Twitter account and download a ZIP file of your Twitter archive. Now you have safe custody of your data.
After all, these, if anyone is searching for your account name on the micro-blogging platform, only a blank, private profile will come up, meaning your account name can’t be used by any other personality.
If you are in still two minds about whether to leave or stay on the micro-blogging platform, then follow these measures to keep your accounts safe:
Two-factor Authentication
Since Twitter reportedly facing issues with the conventional SMS/Email two-factor method, either use the ‘Authy’ app or security keys like ‘YubiKey’ to set up 2FA.
Go into your Twitter account settings, follow the “Settings and Support”>”Settings and Privacy”>”Security and Accounts Access” route. Then select “Two-Factor Authentication” from the “Security” tab.
After that, whenever you access your account, you will be requiring your username, password, and Authy-generated code/security key.
Privacy Lockdown
First in this category comes to your location data (as seen and registered by Twitter, in case you have allowed the micro-blogging platform to do that). Go to your settings and privacy. From there, follow this method: Privacy and safety > Location information > Add location information to your Tweets.
Then select “Remove all location information attached to your Tweets” option to delete any previous location data.
Also, don’t forget to disable the advertisement settings option to prevent Twitter from collecting your data. For this, the solution is: Settings and Privacy>Privacy and Safety>from there, start with Ads preferences, and then uncheck the box for Personalized ads. After that, select “Data sharing with business partners” and uncheck that box as well.
Due to its massive staff downsizing, the micro-blogging platform’s data security is in a very vulnerable stage. Also the $8-per-month Twitter Blue subscription package does no good to the users, as it increases the chances of identity impersonation and subsequent shady activities on the micro-blogging platform. Leaving Twitter abruptly is not a viable option anymore. High time that users take control over their data security to prevent their credentials from being misused.