Twitter is in chaos.
The company has laid off thousands of its engineers (along with thousands of contractors tasked with fighting misinformation and harmful content).
Meanwhile, Twitter’s CISO and head of trust and safety both resigned, and the privacy and compliance heads suddenly left, along with other senior company executives.
And what is the new owner of Twitter doing?
Elon Musk is scaring advertisers with his bizarre behavior, because decisions he made allowed pranksters to impersonate big brands and post tweets that caused untold damage to those companies’ reputations and erased billions of dollars of their market capitalization.
We talked about some of the issues on Twitter a few weeks ago on the “Smashing Security” podcast. We had no idea things were going to go from bad to worse.
The latest failure on Twitter? A thoughtless move by Musk to rid Twitter of “bloatware” apparently blocked some users from the site for a while, as SMS-based two-factor authentication was accidentally disabled.
Looks like someone was told to pull code from Twitter, and they just didn’t understand the complexity of Twitter’s system – the millions of dependencies and consequences that a single change can have on other parts of the site.
The only people who can understand these links and dependencies between Twitter’s systems, and issue a warning about the possible consequences, are most likely people who Twitter has already terminated. If they were still employed by the company, chances are the new Twitter boss wouldn’t listen to them.
So what does this mean for you if you’re a Twitter user? Well, I’m a Twitter user… and I find that disturbing.
Because while most of what I do on Twitter is public, I’ve also had many private conversations via direct message (DM) in the nearly 15 years I’ve been a user of the site.
I don’t remember everything I said in those conversations, or what people said to me.
If Twitter was careless enough to break 2FA for some of its users a few days ago, what mistake could they make next? If Twitter security experts have been fired, have quit, or are – presumably – wondering where they should go next, then how safe is my data on Twitter?
It may be a remote possibility that Twitter suffers a colossal security error or suffers a hack that it simply does not have the expertise to protect against, but it is a possibility. And it’s a possibility that seems more likely today than before Elon Musk bought the company.
I can’t do anything to make chaotic Twitter any safer. But I can reduce the potential risk to me by deleting my DMs.
I don’t need all those old DM conversations, they can be deleted. They should be erased.
It’s a laborious process (Twitter doesn’t give you an automated way to do this), but I’d rather delete them one by one than find out one day that they’re in the hands of a hacker or a disgruntled Twitter employee who goes rogue.
PS. You know what’s really infuriating? Deleting your Twitter DMs doesn’t actually stop Twitter from keeping a copy of your private messages without your knowledge, even if you close your account completely.
A few final thoughts:
- Encourage your Twitter friends to delete their DMs as well, so that “both sides” of the conversation are erased.
- Even though Twitter doesn’t delete them behind the scenes, if *your* account is hacked, the messages shouldn’t be easily accessible by a hacker.
- If Twitter keeps your private messages even after you request their deletion, is this potentially a (costly) breach of GDPR?
- If you want to keep a permanent record of your DMs (and other Twitter activity), consider downloading your Twitter archive.
Did you find this article interesting? Follow Graham Cluley on Twitter or Mastodon to learn more about the exclusive content we publish.