
Twitter: Five reasons why you should do five things to protect your data
Sophos Data protection, Tips, Social media
On October 27, 2022, Elon Musk took control of Twitter. Since then, the pace of change has been dizzying. The situation can currently be described as extremely insecure at best and downright chaotic and potentially very dangerous at worst. In a short period of time, we have seen events that have called into question the security and privacy of the platform and the data stored on it, and it is uncertain whether Twitter will even exist in the coming months or weeks.
In view of this development, it is only prudent to closely examine your own engagement on the platform and, above all, the personal information stored there, and potentially to take measures to protect this data in the short term, because a complete crash of the platform also seems possible. At the moment, there are five main areas of concern, relating to security, privacy, and the survivability of Twitter.
- The massive, sudden, unplanned, and unstructured loss of personnel. First, attackers may be able to use Twitter more as a platform to target users with spam, phishing, fraud, and other attacks. Second, attackers can more easily compromise systems to collect and steal data.
- Chaos and uncertainty around account verification and countering misinformation. Mixing the previously existing verification process with the $8 "purchased checkmark," even if since withdrawn, created the perfect storm of confusion and encouraged malicious activity. Within a few days it was almost impossible to distinguish legitimate accounts from parody accounts or even malicious impersonation accounts.
- Twitter's willingness and ability to comply with legal security and privacy requirements. The risks in this situation are simply unknown. We have yet to see a situation where a platform this large and important potentially deviates so far from regulatory compliance so quickly. While regulators typically follow a very methodical process, the current situation could also involve very extensive, restrictive, and sudden enforcement activity from the regulatory side.
- The financial viability of Twitter. If Twitter were to fail as a company and go bankrupt, what would happen to the data and the systems on which it is stored? Would it be sold as part of a liquidation? Would financiers, which include Saudi Arabia and Qatar, be able to take ownership and control of the data and systems? Once again, we are in uncharted territory and the answer is: we just don't know.
- The current level of unpredictability appears to be continuing or even worsening. Decisions are made with little planning and quickly reversed or changed with just as little planning. What Twitter is changes not just from day to day, but from hour to hour. This makes risk assessment nearly impossible. It also creates an environment that strongly favors threat actors. Worst of all, there is literally nothing to suggest that this state of affairs will change for the better.
With all these unknowns, the rule of thumb is once again to assume the worst when it comes to security. This could mean that the platform suddenly disappears without warning and that the personal information of its users ends up in the wrong hands. Against this background, five steps are recommended to protect yourself and your personal data:
- Secure your own copy of your Twitter information!
If Twitter becomes inaccessible due to government, creditor or other actions, all of your information could be lost without warning. At this point in time, Twitter offers the ability to download personal data. However, reports indicate that it often takes days to respond to data requests, and due to the worsening staffing situation, as well as the expected increase in demand, you should take this step immediately.
- Remove all personal and confidential information from Twitter!
One of the biggest risks is that personal or sensitive information you have stored on Twitter will fall into the hands of cybercriminals. Accordingly, you should remove information such as date of birth, phone numbers, payment information, geographic location information, and other information that could be dangerous to you, your family, or those you care about, alone or in combination with other information. This includes direct messages and tweets. If you are thinking about deleting all tweets, likes, direct messages and media, you should download copies before doing so.
- Secure access to your Twitter account.
The strained staffing situation may mean that Twitter is unable to fight account hijacking, or to help recover hijacked accounts, to the same extent as before. Securing access to your Twitter account has always been important; right now it is even more so. You should therefore definitely use a password that is used only for Twitter, along with multi-factor authentication. You should also disconnect all apps that are connected to your Twitter account, connect accounts only when you need to, and disconnect them when you are done.
- Secure your Twitter presence.
If you plan to stay active on Twitter, you should use protected tweets or even consider locking your account. This will let you control who can see your posts and interact with you. If you don't plan to stay active on Twitter, you can even deactivate your account, but you shouldn't delete it. Deleting it frees up your username for other people to take, allowing strangers to impersonate you.
- Change the way you interact with Twitter.
Most fundamentally, you should change your approach to Twitter, the people on the platform, and what they say. In other words, when in doubt, don't take anyone's claims about who they are, or what they say, at face value without taking steps to independently verify the identity and information. For example, if an account appears to represent a person or organization, look for another verifiable source for what it says, such as an SSL-protected website whose digital certificate you can verify. Be especially careful when validating Twitter accounts with other Twitter accounts: We have already seen several fake accounts working to create the illusion of legitimacy by verifying each other.
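For the second step, a downloaded archive can be searched for the kinds of details listed there before you decide what to delete. The following Python sketch is an added example, not part of the original article; it assumes the archive stores tweets and direct messages as JSON behind a `window.YTD.<name>.part0 = ` prefix (for example in `data/tweets.js`), and its patterns and sample data are constructed for illustration.

```python
import json
import re

# Broad patterns for details the article says to remove; expect false positives.
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone": re.compile(r"(?<![\w/])\+?\d[\d\s().-]{7,}\d(?!\w)"),
    "date": re.compile(r"\b\d{1,2}[./-]\d{1,2}[./-](?:19|20)\d{2}\b"),
}

# Constructed sample in the assumed archive layout (not real data).
SAMPLE = '''window.YTD.tweets.part0 = [
 {"tweet": {"id_str": "1001", "full_text": "Call me on +49 170 5550123 tonight"}},
 {"tweet": {"id_str": "1002", "full_text": "Lovely weather today"}},
 {"tweet": {"id_str": "1003", "full_text": "Born 12.03.1985, mail me: jane@example.org"}}
]'''

def load_archive_js(text):
    """Strip the assumed 'window.YTD.<name>.part0 =' prefix and parse the JSON array."""
    return json.loads(text[text.index("=") + 1:])

def iter_messages(node):
    """Yield (id, text) for every tweet or DM object found anywhere in the structure."""
    if isinstance(node, dict):
        text = node.get("full_text") or node.get("text")
        if isinstance(text, str):
            yield node.get("id_str") or node.get("id") or "?", text
        for value in node.values():
            yield from iter_messages(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_messages(item)

def find_sensitive(js_text):
    """Return (message id, kind, matched text) for each suspicious match."""
    findings = []
    for msg_id, text in iter_messages(load_archive_js(js_text)):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(text):
                # Fewer than 9 digits is more likely a date or number than a phone.
                if kind == "phone" and sum(c.isdigit() for c in match.group()) < 9:
                    continue
                findings.append((msg_id, kind, match.group()))
    return findings

if __name__ == "__main__":
    for msg_id, kind, value in find_sensitive(SAMPLE):
        print(f"{msg_id}: possible {kind}: {value}")
```

To check a real export, read the archive file with `open(path, encoding="utf-8").read()` and pass the text to `find_sensitive`; review each hit by hand, since the patterns only flag candidates.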
Conclusion: No time for panic
The fact is that we have never before faced a situation like this, where a website of such social, political, and economic importance as Twitter has experienced such a massive unraveling so quickly on so many levels. As a result, it is difficult to know exactly what will happen and what to do. What we in the information security world can tell everyone is that this is not a time to panic, but it is a time to take swift and decisive action to counter the very real possibility that some or even all of these worst-case scenarios will occur. So you should start right now to ensure the security of your Twitter data.