The IT Nerd

You might recall that Twitter appears to have been pwned. And pwned big. When I posted this story, I had said that “millions” of Twitter users might be affected. The number is actually 400 million users:

They have already warned Elon Musk’s Twitter as “they should purchase the data before it leads to a large fine under Europe’s GDPR privacy law.”

“Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imaging the fine of 400m users breach source,” wrote Ryushi in a forum post. “Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively.” 

In the post, the hacker explains how this data can be used for phishing attacks and other scams. Ryushi says they were able to collect public and private Twitter data, such as users’ email addresses, names, usernames, follower count, creation date, and phone numbers. While most of this data can be found online, phone numbers and email addresses are private information.

Ryushy acquired data from 37 celebrities, including Alexandria Ocasio-Cortez, Donald Trump JR, Mark Cuba, Kevin O’Leary, and Piers Morgan, Bleeping Computer reports. The hacker told the publication that they are “attempting to sell the Twitter data exclusively to a single person/Twitter for $200,000 and will then delete the data. If an exclusive purchase is not made, they will sell copies to multiple people for $60,000 per sale.”

The hacker highlighted why this is very bad news for Elon. The GDPR. He’s running the risk of having to cut a check for hundreds of millions of dollars because of this. And buying the data won’t make that risk go away methinks. In fact, as I said in the original post that I made about this, an investigation is already underway.

John Gunn, CEO of Token chimes in with this:

The claims of the hackers are baseless as far as possible fines are concerned as GDPR does not mandate that companies never get hacked, and equally important, claiming you were a victim of hackers and paying a ransom does not alleviate any company from their responsibilities and potential penalties under GDPR or any other EU regulation.

Thus Elon is in deep trouble on the EU front. But his problems don’t end there. Twitter is under a consent decree with the Federal Trade commission. And that consent decree says that Twitter will do the following:

• prohibit Twitter from profiting from deceptively collected data;
• allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers;
• notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about Twitter’s privacy and security controls;
• implement and maintain a comprehensive privacy and information security program that requires the company, among other things, to examine and address the potential privacy and security risks of new products;
• limit employee access to users’ personal data; and
• notify the FTC if the company experiences a data breach.

As far as I can tell, Elon and company haven’t even admitted that this breach exists despite it being the worst kept secret in cybersecurity right now. Thus if Elon and company truly haven’t told the FTC about this, they’ve violated the last part of that consent decree. Which means that he’s just asking to get slapped silly by the FTC. In fact, I would not be surprised if the FTC is already dotting its “I”‘s and crossing its “T”‘s in preparation of dropping a bomb or two on Twitter.

I suspect that life is about to get very, very difficult for Elon in the next few days. You might want to pop some popcorn as it will be interesting and fun to watch. Unless you’re Elon Musk.

If you believe some reports that I have been seeing online, like this one from Bleeping Computer, it is possible that Twitter has been pwned by hackers. And the results could be devastating as the threat actors behind this have apparently secured millions of Twitter users’ personal information on the dark web. Email, username, follower count, creation date, and, in some situations, the users’ phone numbers are all included in the sample data. This came to light three days ago where the threat actor posted celebrity names and other information, as well as a note for Elon Musk in a dark web forum telling him that if he wants the data not to be made public, he needs to buy it. I’ve seen the post in question so I know it exists. And it’s going to create a huge problem for Elon. Here’s why:

In a statement on Friday, the Irish privacy regulator said, “The DPC corresponded with Twitter International Unlimited Company (‘TIC’) in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance.”

It also added that it believes “one or more provisions of the GDPR and/or the Act may have been, and/or are being, infringed in relation to Twitter Users’ personal data.”

The DPC, which serves as Twitter’s lead EU watchdog, wants to determine if the social media giant has fulfilled its obligations as a data controller regarding the processing of user data and whether it has violated any provisions of the General Data Protection Regulation (EU GDPR) or the Data Protection Act 2018.

Well, that’s going to end badly for Elon if it is determined that Twitter has actually been pwned. This organization has nailed Twitter before, and they won’t hesitate to do so again. Plus it will likely prompt other organizations like the FTC to start poking around. And the FTC isn’t shy about slapping companies silly when the drop the ball. Or in the case of Twitter, are under a consent decree because of past bad behaviour.

But the trouble doesn’t end there for Elon:

Security expert Chad Loder also revealed on Twitter and Mastodon details about an even larger data dump potentially containing millions of Twitter records with personal phone numbers that were collected using a previously fixed API bug and some publicly available information, such as verified status, account names, Twitter ID, bio, and screen name.

“I have just received evidence of a massive Twitter data breach affecting millions of Twitter accounts in EU and US,” Loder said.

“I have contacted a sample of the affected accounts and they confirmed that the breached data is accurate. This breach occurred no earlier than 2021.”

BleepingComputer has verified with multiple affected users that the phone numbers in this data breach are valid.

It is worth noting that none of the phone numbers in this leaked database were present in the original data sold in August 2002, demonstrating the significant exchange of Twitter user data among threat actors and the extent of the data breach beyond what was previously known.

This is an extinction level event for both Twitter and for Elon if this is true. Even if some or all of this didn’t happen under his watch, he’s the guy in charge now so he’s responsible. I’d honestly watch this story over the coming days. Because if you were looking for a singular event that would “end” Twitter and Elon along with it, this would pretty much qualify.

According to Forbes, Elon Musk has got a lump of coal in his stocking this holiday season. He and his lackeys and minions at Twitter have been trying to get advertisers back on the platform in any manner possible. And so far, their efforts have failed miserably:

It is clear that there are many challenges ahead for Musk at Twitter, but the one which must be addressed immediately is attracting his core base of advertisers back to the platform. The company is clearly in the midst of a chaotic mess, with employees being let go left and right, and advertisers—the bread and butter of Twitter’s business—abandoning ship in droves.

An alarming statistic from research firm Pathmatics was recently published in The Wall Stret Journal—roughly 70% of Twitter’s top 100 advertisers were not spending on Twitter for the week ending December 18. And although Musk and his team have held meetings with major advertisers in recent weeks, they have been unable to entice them to come back.

Given that almost 90% of Twitter’s $5.1 billion in revenue came from advertising last year, this should be Musk’s top priority, not figuring out whose accounts should be suspended or reinstated. Twitter has offered some advertisers to match dollar for dollar their ad spend up to $1 million if they did so by year-end. However, even this economic enticement was not enough to get many back on board.

Musk’s team has met with advertisers and told them they are making innovations to allow users to make purchases directly, add more video capabilities and develop tools to ensure objectionable content doesn’t pop up next to their ads.

Some ad buyers have said they will wait until these tools have already been developed before deciding whether to return to Twitter, particularly given that we are likely to enter a recession. Speaking Tuesday on Twitter Spaces, Musk said, advertisers are asking for a high return on investment on their ad spend. “Their requests are not fuzzy or irrational or anything. They’re like, quite reasonable.”

However, some advertisers have complained about politicizing Twitter, in particular Musk tweeting just before the mid-term elections that independent-minded voters vote for a Republican Congress.

I am going to go out on a limb and say a number of things:

• Given the events that have happened at Twitter, it’s not a surprise that they want to steer clear of this dumpster fire.
• As for these “innovations” that Elon wants to roll out, I don’t blame advertisers taking a wait and see approach. After all, given Elon’s “ready, fire, aim” mentality, any or all of those could end up rolling out like Twitter Blue did. Which is badly.
• Making a platform political is not going to advertisers want to advertise on said platform.

This explains why Elon has made so many seemingly random decisions lately. He’s desperate to turn Twitter around. So he’s trying anything and everything hoping to find something that works to bring cash in. But it’s not happening for him. Thus you can fully expect that more random decisions, and more chaos at Twitter which won’t help to bring back the number one source of income the company has.

Happy holidays Elon.

So even on Christmas Eve, we’re still talking about Elon Musk and the dumb things that he wants to do in his desperate attempts to cut costs at Twitter. The latest brainwave that he’s had is to shrink the number of data centres that Twitter runs:

Twitter is shutting down its data center in Sacramento, and will downsize its facility in Atlanta, Platformer’s Zoë Schiffer reports.

The company operates three main facilities in the US, with its remaining site in Portland, Oregon, expected to take the increased load. It is not clear if Twitter has done an analysis of the migration and whether the remaining servers can handle the load. The move is expected to happen as soon as early January.

Twitter also has cloud contracts with Amazon Web Services and Google Cloud, but new owner Elon Musk is believed to be trying to renegotiate the contracts and cut expenses.

Now this cannot be stressed enough, pardon the pun. Having multiple data centres means that if an event happens where it puts increased load on Twitter’s infrastructure, there’s enough infrastructure to handle it. An example of this would be a major world event happens and people start Tweeting about it en masse. Seeing as Elon is a “ready, fire, aim” sort of guy, my guess is that he’s gambling that what remains of Twitter’s infrastructure can handle any load. You’ll excuse me if I am skeptical that this would be the case.

Then there’s this:

At the same time, he said that he plans to release new services that will require more storage and compute, including long-form high resolution video.

You need more compute power to run the things that you say that you want to bring to Twitter. But you’re cutting back on the compute power? Am I the only one here who fails to see the logic of what Elon is doing? I guess not based on this:

Former Twitter employee Sasha Solomon, who was fired after tweeting “sighhhhhhhhhhhhhhh” about Musk’s acquisition, responded to the data center closure report with: “Omfg like good luck when a failover needs to happen. So excited to see what 1-ish data center can do with all of Twitter’s traffic.”

Fellow former Twitter staffer Gerard Taylor added: “I’m just thinking about how many aurora files are hardcoded to only use SMF1. There’s going to be at least one outage guaranteed.”

Another ex-employee, Catherine Bonn, joked: “I mean, by the end of Q1 Twitter might have exponentially less traffic, so maybe it will work out fine?”

I’ve commented that since Elon took over at Twitter, he’s taking the platform on a suicide mission. And this move pretty much qualifies. But on a more serious note, Reuters reported on Friday that the company had removed the safety tool earlier in the week on orders from Elon. But in a now all too common U-turn, Elon has brought it back:

After publication of the story, Twitter head of trust and safety Ella Irwin confirmed the removal and called it temporary. “We have been fixing and revamping our prompts. They were just temporarily removed while we do that,” Irwin said in an email to Reuters.

“We expect to have them back up next week,” she said.

About 15 hours after the initial report, Musk, who did not initially respond to requests for comment, tweeted “False, it is still there.” In response to criticism by Twitter users, he also tweeted “Twitter doesn’t prevent suicide.”

I am going to go out on a limb and say that the Reuters report is likely accurate, and the blow back from that from that report made Elon U-turn for the second time in a week. The first time was that ill conceived plan to prohibit users from linking to other social media sites which didn’t even make it to 24 hours. Again, this is Elon being a “ready, fire, aim” sort of guy who makes decisions without thinking about them. In the process he’s highlighting why Twitter is doomed.

You might recall that Elon locked out a bunch of journalists from Twitter because they were allegedly “doxing” him which is broadcasting his location to the world. Then after one of his infamous polls, he claimed that he was going to let them back on. Well, not so fast. The Washing Post is reporting that some journalists remain locked out of Twitter:

Twitter owner Elon Musk said last week that the journalists he abruptly suspended for alleged rule violations were welcome to rejoin the platform after only two days on the sidelines. “The people have spoken,” he tweeted following a poll that strongly favored restoring the accounts.

But Musk didn’t mention that there was a catch.

Twitter has privately demanded that the suspended journalists delete the tweets that drew Musk’s ire in the first place — a condition the reporters have refused to accept.

The result is a stalemate: The suspended journalists remain in Twitter purgatory, unable to access their accounts.

The tweets in question mentioned or linked to a Twitter account called @ElonJet, which tracked the whereabouts of Musk’s private jet using publicly available flight data. All of the journalists were covering or commenting on Musk’s decision to banish the account, which he said threatened his family’s safety by tracking his movements.

None of the journalists’ tweets about @ElonJet, however, disclosed information about Musk or his jet’s location, despite Musk’s claim that the journalists had posted “assassination coordinates.”

The reporters maintain that their tweets were part of their reporting activities and didn’t violate any rules about “doxing,” the unsavory practice of posting personal information without permission. Accepting Musk’s demand for deletion, they say, would amount to a false admission of wrongdoing and an abdication to Musk’s subjective enforcement. They remain suspended.

I’ve said it before and I will say it again. Elon’s word is meaningless. It always has been and it always will be. I say that because this was always about Elon taking a shot at journalists that he didn’t like because they had the audacity to criticize him. That’s why I like many others are rubbing their hands in glee for the EU to simply lower the boom on this guy. Because when they do, as it’s only a matter of time until they do, Elon won’t know know what hit him. In the meantime, journalists are free to set up shop on Mastodon because a growing number of journalists have already moved over there. Not only that, a number of news organizations have set up their own Mastodon instances and federated them with the larger Mastodon community. That I hope creates a wave that brings larger news organizations and big name journalists to Mastodon. Which will in the end hurt Elon as that will take eyeballs away from Twitter. I guess he didn’t think that through. But he will be thinking about it when it happens.

It seems that more layoffs are happening at Twitter which is a sign that things are not going his way.

Additional Twitter employees were terminated Thursday as part of ongoing, rolling layoffs under new owner Elon Musk, including from the public policy and media and entertainment teams, according to tweets from affected employees. 

As part of Thursday’s layoffs, the members of Twitter’s public policy team who had remained following last month’s mass layoffs were again cut down by about half to around 15 employees, a former Twitter employee with knowledge of the layoffs told CNN. 

Among the public policy team’s responsibilities are working with outside advisory groups such as the Twitter Trust and Safety Council, which the company disbanded earlier this month. It also manages human rights programs to protect vulnerable users like activists, engages in transparency efforts, works with government agencies and helps to ensure compliance with global regulations. The public policy team had more than 60 employees prior to Musk’s takeover, the former employee said. 

Thursday’s exits come after Musk laid off about half of Twitter’s workforce last month shortly after his takeover, and later pushed out additional employees, including through an ultimatum requiring them to work “hardcore” or exit the company. Musk’s team — seeking to cut costs at the struggling company that the billionaire purchased for $44 billion — has continued to lay off hundreds of additional Twitter staff since then, including top engineering and legal talent, according to the former employee and multiple recent reports.

On top of Elon being a Grade A scumbag for terminating people two days before Christmas, this is going to further erode Twitter’s ability to protect Twitter users and to make sure that they don’t run afoul of various laws around the planet. But Elon doesn’t care about any of that as it has been proven since he took over at Twitter. I guarantee that he will care at some point. And that day is coming.

Related to this, Elon brought in “Geohot” who is also known as George Hotz, Hotz is best known as the guy who performed a successful jailbreak on the Sony Playstation 3 and then promptly got sued by Sony because of that. He also once had a high-profile feud with Elon when he told a Bloomberg reporter that the Tesla founder “kept changing the terms” after tapping him for a job at Tesla. Hotz then went on to found a startup promising to outdo Tesla in self-driving technology but stepped down as its CEO at the end of October 2022. Elon recently hired him as an “intern” at Twitter to help him to fix the Twitter’s search and scrolling functions. But it looks like he’s now out. And he did it in a way that Elon would have done it.

Apparently he didn’t take this poll too seriously because this happened next:

He lasted four weeks at Twitter. Read into that what you will.

Related to this, both Hotz and Musk held an online chat on Twitter Spaces going over the drama facing the social media company and various related topics. I found a recording of this and pasted it in below:

Some notes if you’re a TL:DR sort of person:

• Elon elaborated on his recent decision-making claiming that Twitter is facing a financial crisis. “We have an emergency fire drill on our hands. That’s the reason. Not because I’m naturally capricious.”
• Elon said that the company is currently losing about $3 billion “in negative cash flow per year” under current conditions. “This company is basically like you’re in a plane that is headed toward the ground at high speed with the engines on fire and the controls don’t work,” 
• Elon noted advertisers remain resistant to spending on Twitter due to the ongoing economic downturn.
• Elon claims that he company is starting to turn things around with the help of the new paid Twitter Blue subscription, he said.
• Elon said “I now think Twitter will in fact be okay next year,” he added. “I think we will be, hopefully, sort of roughly, cash flow break even. That’s what I expect for next year.”

Because this is a privately held company, there’s no way of verifying the truth of any of the above. But given that he continues to cost cut by downsizing people. I question the veracity of the statements that Elon made in this Twitter Space. But this along with more recent events that I have listed above shows that Twitter is in for more chaos. And that chaos will not be taking a break for the holidays.