Security Expert Says To Delete Your Twitter DM’s NOW Because Elon Musk Doesn’t Have The Ability To Stop Twitter From Getting Pwned

Yesterday, I made this comment on Twitter based on Elon Musk wanting only “hardcore” employees working for him:

It now seems that I might have been right. Graham Cluley is an independent security analyst who has previously worked for Sophos and other security firms. What he says on his blog is kind of scary:

Because although most of what I do on Twitter is public, I have also had plenty of private direct message (DM) conversations in the almost 15 years I’ve been a user on the site.

I can’t remember everything I’ve said in those conversations, or what people may have said back to me.

If Twitter is careless enough to break how 2FA works for some of its users a few days ago, what mistake might they make next? If Twitter’s security experts have either been fired, have quit, or – presumably – are wondering where they should go next, then just how safe is my data on Twitter?

It may be a remote possibility that Twitter will have a monumental security screw-up or suffer a hack that it simply doesn’t have the expertise to protect against, but it is a possibility. And it’s a possibility that seems more probable today than before Elon Musk bought the company.

There’s not anything I can do to make a chaotic Twitter safer. But I can reduce the potential risk to me, by deleting my DMs.

That’s right. He’s deleting his DMs. And he recommends that the person on the other end of the conversation do the same. Now Cluley is a guy I follow, and if he says something or does something, it’s probably in your best interest to do it as well. And I’m kind of in the same boat that he is in, which is that some of what I do on Twitter is public, but I get a whole lot of tips via DMs. That means that on my to-do list this weekend is to delete all my DMs. Though he does point this out:

PS. You know what’s really galling? Erasing your Twitter DMs doesn’t actually stop Twitter from keeping a copy of your private messages unbeknownst to you, even if you one day completely close your account.

Yeah. That sucks. But any step that I can take to protect myself or my sources is a good one.

The fact is that Elon has no way of protecting Twitter from being pwned seeing as he’s fired the people who can protect Twitter from getting pwned. Assuming that the few that are left don’t get fed up with working for a moron with delusions of grandeur and quit. Which means that it’s up to you to protect yourself so that nothing bad happens to you because Elon has no clue how to do that.
