Twitter Takeover Raises New Cybersecurity Concerns

While the relevance is debatable, news of Elon Musk’s Twitter takeover has been difficult to avoid. The platform’s new CEO has enacted a set of dramatic new changes primarily focused on monetizing the platform and generating revenue and profit. In just a few short weeks, a new subscription model has been released, half the workforce has been let go, and companies are rethinking their relationship with the platform.

Despite its wide user base and popularity with governments, celebrities, artists, and users around the world, Twitter has been famous for being a social media platform that has traditionally struggled to maintain a profit. Elon Musk has committed to making the platform much more profitable and many wonder whether his personal brand will also impact the culture on Twitter as well.

We wanted to dig into what the potential security implications the new leadership has and whether the platform will be one brands continue to use to improve engagement and awareness.

Twitter Blue may result in more misinformation

As of the time of this writing, the biggest change Musk has rolled out has been a subscription model called Twitter blue. Musk initially proposed it as a $20/month subscription service that allowed users to keep or obtain a verification badge, marked by a checkmark next to users’ names.

Musk expanded on this idea. Twitter Blue, in addition to verifying users, gives users priority on mentions and comments, alongside a few benefits. The pay-for-play model of verification, however, may have unintended consequences.

Verification was a way to identify true personas on a platform where impersonation is rampant. Celebrity, government officials, and brand accounts were authenticated via verification badges, which was a result of an internal Twitter decision, not one tied to any payment.

However, if anyone could pay for a verification badge and if companies, journalists, and public figures decide they don’t want to pay for verification, it may lead to much more confusion. The platform itself may become murky where impersonation and misinformation run rampant and finding accurate info can be hard as it’s much more difficult to know who to trust and which accounts actually belong to the person a handle might claim. Given that verification now hinges on anyone willing to pay $8 a month, it’s easy for fake and spam accounts to impersonate others and brands may not want the risk of being impersonated or falling for accounts pretending to be someone else.

Phishing attacks are taking advantage of the buzz

Elon’s non-traditional style of announcing Twitter Blue has led to some confusion and even led to phishing campaigns. For starters, Twitter Blue already exists as a $4.99/month subscription option with a much different feature set. However, at the time of this writing, the new changes to Twitter Blue was just recently released to users in select countries — there was no official release or option to subscribe to Twitter Blue when Elon Musk initially announced it.

That hasn’t, however, stopped malicious attackers from sending out a phishing campaign designed to lure and trick users into giving up their Twitter log-in information. The phishing campaign was sent out as a fake email from Twitter asking users to provide their information in order to confirm existing verification or purchase the new verification option.

If feature announcements continue to be made via Tweets and no other official channels, we may be seeing multiple phishing campaigns roll out, causing users and brands to scramble.

Twitter’s security concerns may be a priority for Musk

Between the back and forth of the will he or won’t he of the Musk takeover, Pieter Zatko, a former security chief of Twitter detailed multiple security concerns and failures within the organization.

Among the whistleblower’s concerns included an elevated number of bots, poor account security, and a concerning amount of employees having access to sensitive systems and critical information.

Last year’s massive Twitter hack that resulted in high-profile accounts, such as Joe Biden, and Elon Musk himself tweeting out a bitcoin scam was largely made possible by deploying social engineering attacks against employees with elevated account access.

Given Musk’s concern about bot traffic, a priority may be to ensure account security and that the company isn’t exposing critical information unnecessarily, which may result in a more secure social media platform.

Will Twitter be a secure and preferred option for companies?

The last few weeks have been tumultuous for the social media giant and given Musk’s general persona, that’s not likely to let up anytime soon. Aside from potential security concerns, many have spoken up against Musk’s commitment to make the platform a town square “where a wide range of beliefs can be debated in a healthy manner.”

While it’s unclear what that exactly means, some have expressed concerns that the platform may fuel hate speech and offensive language, creating a platform that’s less welcoming and open to users and brands alike.

Many have also noted that some of the recent layoffs came from moderation, fraud, and safety teams, which may make the platform less desirable for advertisers and brands who want to have a presence on the platform.

That, coupled with potential security concerns may turn the platform away from some brands who may be re-thinking the effectiveness of being on Twitter. Several advertisers and publishers have also paused their engagement and activity with the platform as a result of the uncertainty.

On the other hand, if Musk does turn his attention to improving security measures, account security, and creating a platform that results in a stronger audience-publisher-advertiser relationship, brands may actually see a more positive return from their efforts.

Time will tell but organizations may want to invest in account security tools for their employees and social media and marketing departments. For employees who may still use the platform, consider empowering them with a password manager to improve their account security.