If Elon Musk doesn’t see this as an extinction level event, then he’s either delusional or just plain stupid. The Washington Post is reporting that a hacker who dumped the records for 235 million Twitter users associated with email addresses onto a hacking forum:
That poses threats of exposure, arrest or violence against people who used Twitter to criticize governments or powerful individuals, and it could open up others to extortion, security experts said. Hackers could also use the email addresses to attempt to reset passwords and take control of accounts, especially those not protected by two-factor authentication.
“This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further,” said Alon Gal, co-founder of the Israeli security company Hudson Rock, who spotted the posting on a popular underground marketplace.
The records were probably compiled in late 2021, using a flaw in Twitter’s system that allowed outsiders who already had an email address or phone number to find any account that had shared that information with Twitter. Those lookups could be automated to check an unlimited list of emails or phone numbers.
Now it is true that Twitter is being investigated by the EU over this hack, and yes this didn’t happen under Elon’s watch. But he own Twitter so this is his problem. And it’s a big problem. Right when he has so many other Twitter related problems to deal with. And the thing is, this is one of the largest data leaks that I can recall. That means that there will be a lot of eyes on this, and a lot of uncomfortable questions that Elon will have to answer. Let’s face it, he’s in very deep trouble here. And I don’t think he has the ability to get himself out of it. And as a result he’s likely rethinking his life choices. Starting with wanting to buy Twitter. .
Elon Musk Said He’d Stop Twitter Impersonations…. But The Washington Post Has Discovered Otherwise
Posted in Commentary with tags Twitter on January 5, 2023 by itnerdRemember when Elon Musk in one of his rushed and not well thought attempts to find something that would make Twitter lots of money in a hurry launched the original Twitter Blue. And as part of that you would get one of the coveted blue checkmarks? Well that turned into a train wreck next to a dumpster fire in a big hurry. Which resulted in Twitter Blue being pulled and relaunched. Part of that plan was this:
Subscribers will receive a blue checkmark next to their name, but only after they verify their phone number and their account has been reviewed. Let’s see if that stops the stuff that happened the last time Elon and company tried to launch Twitter Blue. Though to be fair, the company did say that subscribers who change their username, display name, or profile photo will temporarily lose the blue checkmark until their account is reviewed again.
Well, Geoffrey Fowler of The Washington Post decided to test to see if you can impersonate someone on Twitter. And here’s the answer:
On Tuesday, @SenatorEdMarkey briefly went viral on Twitter. Gisele Barreto Fetterman, the wife of Sen. John Fetterman (D-Pa.), thanked @SenatorEdMarkey in a tweet that garnered 140,000 views.
The problem is, @SenatorEdMarkey is actually me, not the real Sen. Edward J. Markey. It’s a test of Twitter’s $7.99 per month Blue “verification” service I made with the permission of the real Democrat from Massachusetts. I wouldn’t blame anyone for being confused: My test account has the senator’s name and photo and a blue check mark that says it is “verified.”
But Twitter, it seems, isn’t verifying much of anything.
This is the second time I’ve been able to impersonate the senator. Back in November, when Twitter first began selling its iconic blue check marks to anyone for a fee, I showed how easy it was to buy official-looking status with an impostor account called @realEdMarkey. Musk, who bought Twitter in October, got into a Twitter fight with Markey about it. Then Musk shut down Blue and promised that in a new-and-improved version “all verified accounts will be manually authenticated” before they’re given the authority of a check mark.
After Blue 2.0 (my term for it) launched on Dec. 12, I made another faux Markey and applied for verification. Some of Twitter’s new requirements slowed down the process — and might dissuade some impatient impersonators — but the company never asked to see a form of identification. Last week, up popped a blue check mark on my @SenatorEdMarkey account. Oops! I did it again.
I encourage you to read how Fowler did this as that illustrates who useless Twitter’s verification process is. But the bottom line is that anyone is still able to create fake verified Twitter accounts to cause havoc. That’s not going to help to make Twitter appeal to advertisers. And it’s likely to attract the attention of regulators in the US and the EU who in the case of the latter, were already skeptical about how Twitter Blue was being handled.
The bottom line is that this is going to be another problem for Elon to deal with. On top of all the other problems that he has. Sucks to be you Elon.
Leave a comment »