Here’s Some Additional Commentary From Comparitech And KnowBe4 Regarding The 200 Million Twitter/X User Records That Were Leaked
Following the news that 200 million Twitter/X user records have reportedly been leaked, I have sourced commentary from cybersecurity experts at Comparitech and KnowBe4:
Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4:
“When reading the news that 200 million X user records are now being freely shared online, my brain was instantly brought back to the story and allegations made by Alan Rosa, X’s former Head of InfoSec. Rosa was fired after pushing back against Elon Musk’s demand to slash their security budget by 50%, including cutting core protections like vulnerability management and penetration testing. This breach feels like exactly the kind of consequence he warned about. (Even before the takeover, Twitter already did not have a great reputation in taking privacy and user security seriously. Think about the allegations made by Peiter ‘Mudge’ Zatko in 2022). This is just another reminder that companies can’t cut corners on cybersecurity without it catching up to them. For us, the users, we need to remember to be extra vigilant, ensure we have MFA enabled, change passwords (these were not included apparently in the breach but with X’s track record they may be somewhere else up for grabs) and to leave this platform for good if possible.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy:
“Social networks like X will always be an attractive target for hackers and criminals, thanks to being a gold mine of information that can be sold on the dark web. While we currently don’t know the extent of what was exposed, users need to stay vigilant for any phishing attacks that may be made possible by the information. I strongly recommend that users make use of disposable email addresses and phone numbers to sign up for social networks. This will ensure that bad actors won’t gain access to additional data, even if your favorite social network is hacked.”
Brian Higgins, Security Specialist at Comparitech:
“Any global platform with the profile of X and its owner will constantly be a target for pretty much every type of cybercriminal. It’s a modern occupational hazard faced by all providers. On this occasion it doesn’t look like any major private data has been exfiltrated at this stage, but the attacker could have plenty of historic content that users may wish had been deleted.”
“Any entrepreneurial and innovative individual or group wouldn’t have much problem monetizing the information that’s made it into the wild. This attack is at the difficult stage where we only really know what the bad guys claim they have. Hopefully more information will be forthcoming but all those affected can do right now is be vigilant about their online presence and look at ways to raise their security game.”
This should be a wake-up call for Twitter/X to up their game when it comes to security. And it should be a wake-up call for users of Twitter/X that their personal information may not be as secure as they think. Thus they might consider this yet another reason to leave the platform.
This entry was posted on April 2, 2025 at 11:24 am and is filed under Commentary with tags Hacked, Twitter.