
Twitter: Five Changes to the Platform for Users by Elon Musk

 

Three months have passed since Elon Musk stormed into Twitter's San Francisco headquarters, and the company has barely escaped the spotlight. We've talked a lot about his thoughts on the social network and some of his more controversial business decisions, such as laying off 50% of the workforce, but less about how the platform's 237 million monthly active users use it on a daily basis.

1. Restricting alternative Twitter viewing methods

Twitter appears to have suspended access to its API, which is used by other platforms to communicate with it. So, if you use a social media manager to access your account rather than the Twitter app or website, you may discover that Twitter is not currently working with it. It's unclear whether the move was intentional, but many experts believe it was.

"My guess is that this is because those third-party apps do not show ads and they allow the user to manage their feed as they see fit, which is at odds with Musk's plans to put more ads in front of users' eyeballs and prioritize the tweets of people who have paid for Twitter Blue," said tech commentator Kate Bevan.

Although Twitter has not made an official announcement, popular apps that appear to be struggling include Tweetbot, Fenix, and Twitterific.

2. Maintenance

The order in which tweets appear on people's timelines is perhaps the most noticeable change. A new tab allows you to select between the most recent tweets from people you follow and those recommended by Twitter.

If you're using an iPhone, you'll see two columns at the top, "for you" and "following"; if you're using an Android device, you'll see a star icon on the top right-hand side of the screen. The problem is that many users did not notice or were unaware that the app occasionally reverted to Twitter's curated "for you" feed. There have been complaints that this feed is mostly made up of Twitter recommendations and interactions between people you follow and people you don't know, rather than the content you chose to follow in the first place.

Others, on the other hand, don't mind: "Some days I want to go to a restaurant with just my friends, some days I'll pitch up at the pub and see who's in...can be fun," one Twitter user explained.

3. Reintroduction of contentious accounts

Mr Musk began with some high-profile accounts that had previously been banned for violating Twitter's rules. They included Ye (rapper Kanye West), who was barred for sharing anti-Semitic posts, influencer Andrew Tate (who is currently being held in Romania on charges of people trafficking), and former US President Donald Trump, whose tweets were accused of inciting the Capitol Hill riots in January 2021.

4. Twitter's Blue

Twitter's subscription service, Twitter Blue, launched at the end of November after a few false starts. The $8/$11 (£6.50/£9) monthly fee guarantees access to extra features such as an edit button, increased visibility, and fewer ads. Anecdotally, it appears to have attracted a reasonable number of subscribers, but not a large number - though, as usual, no official news about its success has been released thus far.

5. Ticks of silver and gold

Twitter's "blue tick," which is now a sign of a subscriber, was previously a symbol of a verified account. It was given to the accounts of hand-picked celebrities, journalists, and brands by Twitter to indicate that they were not fakes.

Those who acquired a blue tick under the old regime still have them, along with a message explaining that it is a "legacy" and "may or may not be notable". As a result, seeing a blue tick next to an account does not automatically confer authority on that account.

It has been replaced by a gold or silver tick for brands and government figures, so Coca-Cola is now gold, with an explanation that it is an "official business," and Rishi Sunak, the UK Prime Minister, now has a silver badge.

Spin Master

Twitter had to change whether Mr. Musk was there or not. Its user base and ad revenue had been stagnant for a long time, while rival social networks had sprung up and experienced explosive growth. Twitter is known for being a small but influential platform, but this was not translating into profits.

Mr. Musk is "a master of PR and spin and innovation and creativity", said social media expert Matt Navarra. He is not afraid of causing a stir or tearing up the rulebook. But will his revolutionary tactics turn around the fortunes of this floundering company, which he claims was losing $4 million per day when he took over?

It's difficult to say because Twitter is secretive about its metrics. It is now a privately owned company, as it should be. However, new advertisers do not appear to be flocking to the site, users are complaining about changes to the way their accounts are displayed, and a recent API change has irritated developers, a community that Twitter needs to help it grow.

Speaking of his own user experience of engaging with 150,000 followers, Mr. Navarra said, "The vibe seems to have shifted and it doesn't seem to be quite what it was before. I don't see any signs of green shoots for a new Twitter."

No Evidence: Twitter Denies Hacking Claims and The Stolen Data Being Sold Online


Twitter has denied claims that it was hacked and that stolen user data is being sold online.

According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, stolen data has been discovered that contains the email addresses of more than 200 million Twitter users.

The breach would probably result in "hacking, targeted phishing, and doxxing," according to Gal, who labeled it a "significant leak" and said that the information had been uploaded to an internet hacker forum.

He claimed that despite alerting Twitter, he had not received a response.

"I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter's conclusion of the data being an enrichment of some sort which did not originate from their own servers," says Alon Gal. 

Twitter, however, has denied all claims that the emails, allegedly linked to users' accounts, were obtained through a hack.

Responding to the issue, Twitter stated: “in response to recent media reports of Twitter users’ data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems.”

According to Twitter, the records in question were instead probably a collection of data “already publicly available online.” It still warns users to be wary of suspicious emails.

Gal, meanwhile, disagreed with Twitter's answer in a fresh post on LinkedIn. He noted, “The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments.”

The disclosure follows multiple reports that the Twitter data of millions of users (5.4 million in November 2022, 400 million in December 2022, and 200 million last week) has been offered for sale on cybercrime forums.

The Breach Could Not Be Correlated to Previous or New Incidents 

Twitter says in its latest post that the most recent dataset, covering 200 million users, “could not be correlated with the previously reported incident, nor with any new incident or any data originating from an exploitation of Twitter systems.”

It added, “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.”

Moreover, in December 2022, another set of reports claimed that 400 million email addresses and phone numbers were stolen from Twitter – which the company denied as well.  

Digital Systems Fail at Toronto Hospital Network, Triggering a "code grey"

 


Digital systems at several major Toronto hospitals went down on Monday, and University Health Network (UHN) issued a "code grey" to indicate a system failure. The hospitals are investigating the cause.

Gillian Howard, a spokeswoman for UHN, said the hospital has been experiencing outages in its digital systems. There are currently "downtime procedures" in clinical areas, Howard added.

In a series of tweets issued later Monday evening, the UHN noted that the network had restored service to most departments across the city. However, there may be some challenges getting to some departments due to the outage. Patients should also be prepared for a delay when they arrive at the hospital on Tuesday morning, according to the tweet.   

"In addition to ensuring the safety and well-being of their patients, the hospital ensures that they give patients updates as soon as they have more information," concluded the tweet. 

There was another outage during the day at UHN, which followed a similar outage at Toronto's Hospital for Sick Children caused by a ransomware attack last month. As part of the response, the children's hospital announced last week that 80 percent of its priority systems had been restored. It had not paid any ransoms to the hackers. 

In the United States, the Federal Bureau of Investigation has called the ransomware group LockBit one of the world's most destructive and active criminal organizations. The group apologized for the hack, which was allegedly committed by a member of the group.

SickKids was offered a decryptor, but the organization said it was not planning to use it and that its technology department was restoring its systems instead. Scouts Canada has also recently been the victim of a cyberattack on its "MyScouts" database, which is used to manage programs across the country. Scouts Canada announced on Monday that only a small number of users had been directly affected, but the system remains down.

The cause of the latest outage at UHN hospital is unclear. However, a research firm has found that cyberattacks on Canadian hospitals increased by 20 percent last year. This is according to data compiled in its report. 

According to a study by Check Point Research, three industries were the most affected in 2022: healthcare, finance, and government. There has been a lot of progress in the public sector regarding privacy and cybersecurity, but more needs to be done to reach "cyber maturity" in the public sector. 

It recommended that across the broader public services sector, the province needs to "enhance existing governance structures to facilitate effective cybersecurity risk management."

Hackers Expose Credentials of 200 million Twitter Users

Researchers suggest that a widely circulated cache of email addresses tied to roughly 200 million users is probably a revised version, with duplicate entries removed, of the larger cache from the end of 2022, when hackers were selling stolen data from 400 million Twitter users.

A flaw in a Twitter API that was present from June 2021 until January 2022 allowed attackers to submit personal details such as email addresses and obtain the corresponding Twitter account. Attackers used the vulnerability to harvest information from the network before it could be fixed.

The bug also exposed the link between Twitter accounts, which are frequently pseudonymous, and the numbers and addresses linked to them, potentially identifying users even though it did not allow hackers to obtain passwords or other sensitive data like DMs.

The email addresses for a few listed Twitter profiles were accurate, according to the data that Bleeping Computer downloaded. It also discovered that the data had duplicates. Ryushi, the hacker, asked Twitter to pay him $200,000 (£168,000) in exchange for providing the data and deleting it. The information follows a warning from Hudson Rock last week regarding unsubstantiated claims made by a hacker that he had access to the emails and phone numbers of 400 million Twitter users.

Troy Hunt, the founder of the security news website Have I Been Pwned, also investigated the incident and tweeted his findings: "Acquired 211,524,284 distinct email addresses; appears to be primarily what has been described," he said.

The social network has not yet responded to the enormous disclosure, but the cache of information makes clear how serious the leak is and who might be most at risk as a consequence. Social media companies have consistently and quickly minimized previous data scrapes of this nature and have dismissed them as not posing substantial security risks for years.

Ryushi Demanding Ransom Worth $200,000 For Breached Data


In a recent case of a Twitter data breach, the hacker named “Ryushi” demanded a ransom worth $200,000 to hand over the stolen data of 400 million users. 

Ireland's data protection watchdog has launched a probe into the matter. According to the Data Protection Commission (DPC), it "will examine Twitter's compliance with data protection law in relation to that security issue."

According to reports, Twitter has not yet commented on this claim, nor has it responded to press inquiries regarding the claimed breach.

The stolen data apparently includes victims’ phone numbers and emails, including those of some celebrities and politicians. While the exact size of the haul is yet to be confirmed, only a small “sample” has been made public thus far.

Several Hints May Prove the Claim 

Hudson Rock, a cybercrime intelligence firm, was the first to bring up the issue of the sale of stolen data. One of the company's chief technology officers told the BBC that several hints seemed to back up the hacker's assertion.

The data did not seem to have been copied from an earlier breach, in which details from 5.4 million Twitter accounts were made public.

Out of the 1,000 sample emails provided by the hacker in the earlier incident, only 40 emails appeared, "so we are confident that this breach is different and significantly bigger," the officer said.

Additionally, Mr. Gal noted: "The hacker aims to sell the database through an escrow service that is offered on a cyber-crime forum. Typically this is only done for real offerings." An escrow service is a third party that agrees to release funds, but only after certain conditions are met (for example, handing over data).

The hacker has said that the breached data was gathered by taking advantage of a vulnerability in the system that enables computer programs to connect with Twitter.

The DPC, on the other hand, announced that it was investigating the earlier breach that took place on December 23, 2022. Moreover, media reports assert that the hacker is in fact aware of the loss and potential damage the breached data can do.

Twitter Data Breach: Hacker Posted List of Hacked Data of 400M Users

 

One of the biggest Twitter data breaches has resulted in the selling of 400 million Twitter users' personal information on the dark web. The news was released just one day after the Irish Data Protection Commission (DPC) said that it was looking into a prior Twitter data leak that affected more than 5.4 million users, according to CyberExpress. 

In late November, the previous breach was discovered. The hacker released a sample of the data on one of the hacker sites as evidence that the data is real. Email, username, follower count, creation date, and, in some situations, the users' phone numbers are all included in the sample data.

What's shocking is that the hacker's sample data includes information from some pretty well-known user accounts. The user data in the sample data includes the following:

  • Alexandria Ocasio-Cortez
  • SpaceX
  • CBS Media
  • Donald Trump Jr.
  • Doja Cat
  • Charlie Puth
  • Sundar Pichai
  • Salman Khan
  • NASA's JWST account
  • NBA
  • Ministry of Information and Broadcasting, India
  • Shawn Mendes
  • Social Media of WHO

The sample data includes the data of many more well-known users. The majority of them will point to the social media staff, but if the data leak is real, it will be disastrous. While other threat actors have not verified the data yet, Alon Gal in his LinkedIn post states that "The data is increasingly more likely to be valid and was probably obtained from an API vulnerability enabling the threat actor to query any email / phone and retrieve a Twitter profile, this is extremely similar to the Facebook 533m database that I originally reported about in 2021 and resulted in a $275,000,000 fine to Meta."

Meanwhile, in his post, the hacker writes, "Twitter or Elon Musk if you are reading this you are already risking a GDPR fine over 5.4m breach imagine the fine of 400m users breach source. Your best option to avoid paying $276 million USD in GDPR breach fines like Facebook did (due to 533m users being scraped) is to buy this data exclusively."

The hacker states he is open to the 'Deal' going through a middle man and further stated, "After that I will delete this thread and will not sell this data again. And data will not be sold to anyone else which will prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things that will make your users Lose trust in you as a company and thus stunt the current growth and hype that you are having also just imagine famous content creators and influencers getting hacked on twitter that will for sure Make them ghost the platform and ruin your dream of twitter video sharing platform for content creators, also since you Made the mistake of changing twitter policy that got an immense backlash."

Elon Musk's Cool New Data Plan is Probably Ethically Wrong

 

There is no way around it. Elon Musk is a brilliant businessman. If you display the man a box, he will think outside of it. The CEO chased away all of Twitter's advertisers, so he's been trying to figure out how to make money for his company lately.

Based on a report in the Platformer newsletter, Twitter is working on a plan that would force users to opt in to targeted ads, removing a years-old privacy setting that gives users more control over their data. But wait, there's more! The new strategy may require you to share your location data and allow Twitter to sell your data to third parties. Furthermore, the company may seek your permission to use your contacts and the phone number you provided for two-factor authentication to target advertising. These are not only brilliant ideas; they are almost certainly illegal as well.

As per Platformer's sources, Twitter's new innovation would display a full-screen pop-up asking users to consent to personalized advertising and location data collection. Because the only reason to get rid of the pop-up would be to say yes, using Twitter would be impossible without consenting to the new data regime. Several laws are in the way of what Elon may be planning. 

The GDPR is in effect in Europe. Just last week, the EU issued a ruling against Meta that prohibited this type of mandatory consent. California has the CCPA as well as its younger brother, the CPRA, which takes effect on January 1. 

Both essentially state that you cannot compel people to consent to data sharing and targeted advertising. Furthermore, the plan may run afoul of Apple, Inc., a consumer electronics manufacturer that makes a big deal about privacy. If you join up for the $8 per month Twitter Blue service, you will reportedly be able to avoid targeted advertising. Apple claims that forcing users to choose between ad tracking and a paid service will result in your app being removed from the App Store. 

Then there's the Federal Trade Commission. The reported plan could result in enforcement action, if only because Twitter recently paid the FTC a $150 million fine for targeting ads without permission using two-factor authentication phone numbers. The company has been under an FTC consent decree since 2011. Elon has benefited from resignations, firings, and other personnel changes in Twitter's legal department.

Twitter currently lacks a communications department, as Musk laid off half of the company. As a result, the company did not respond to a request for comment right away. A quick look at Twitter reveals that hundreds, if not thousands, of users are upset with the whole forced consent idea, and many have threatened to leave the site if it goes through.

Selling your data and showing you more targeted ads would solve a lot of Twitter's problems if it weren't for the CCPA, the FTC, the GDPR, Apple, and Twitter's own users. Ads generate 90% of Twitter's revenue, and the company's relationship with advertisers is deteriorating.

Elon tweeted over the weekend to thank advertisers for returning, which, uh, doesn't seem to be a thing that happened in the universe the rest of us live in. One former executive defined the advertiser situation at Twitter as "catastrophic" in late November.

Traffic to Twitter's ad management tool was down 75% in October and then 85% in November, compared to the same time last year, according to the Wall Street Journal. Meanwhile, Twitter alleviated advertisers' concerns about rising hate speech by running advertisements for major corporations on the profiles of white nationalists. Twitter's ad business was already in danger before Musk dumped the majority of his company's biggest advertisers. 

Users' Data was Breached in 2021, Twitter Confirms

 


A Twitter spokesperson confirmed that the breach that affected millions of users' profiles, including private phone numbers and email addresses, was indeed caused by the same data breach that Twitter disclosed in August 2022, in which millions of emails and phone numbers were obtained.   

A Twitter spokesperson said the company's incident response team analyzed the leaked user data in November 2022. They found that each of the leaks was caused by the same vulnerability, which was exploited before the January 2022 fixes were made.

The Twitter official posted, "When Twitter learned about the news, the Incident Response Team evaluated the newly released report, which compares the data to data published by the media on 21 July 2022. Upon comparison, the Incident Response Team found the exposed data was the same in both cases."

An update posted by Twitter on November 20, 2022, says that the data of some of its users may have been leaked online due to a security issue. 

On the Forum of a Hacker, Some Data was Leaked

According to Twitter, the company received a report about an issue through its bug bounty program in January 2022. As described in the announcement above, an API flaw allowed an attacker to submit email addresses or phone numbers to the API and obtain the Twitter ID associated with each email address or phone number.

For Twitter users who wish to post anonymously, this could pose a significant risk to their privacy, because members' phone numbers and email addresses are not meant to be public.

By the time Twitter rectified the problem, 5.4 million user profiles had already been compiled. These combined public information with private email addresses and phone numbers. Threat actors built those profiles by exploiting the API vulnerability.

The scraped data was posted on a hacker forum in July 2022 and listed for sale for $30,000. According to the forum, two people are alleged to have bought the data for less than the original price.

As a result of a threat actor operation in September and November 2022, a file containing all 5.4 million records scraped from the internet in 2021 was released to the public in JSON file format. In the past, this document was distributed privately between a limited number of threat actors and was not publicly available. 

An independent researcher also shared samples of an additional set of Twitter profiles that had been scraped by exploiting the same vulnerability. These profiles were not among the 5.4 million compromised in the original breach.

According to the report, the data set collected using the same API flaw is much bigger, containing 17 million records.

There was no confirmation of the extent of the additional data set. However, a report examined an excerpt of a data set containing 1.4 million previously undisclosed French Twitter account records. 

Despite Twitter's recent updates indicating that the data leaked last month is related to the vulnerability previously disclosed, the company has not confirmed exactly how many users have been exposed to the flaws. 

It is recommended that users enable two-factor authentication on their Twitter accounts, using authenticator apps or hardware keys. Twitter also asked its users to be extra vigilant about all incoming emails related to their Twitter accounts.

As a Twitter user, you should always remain vigilant when receiving any kind of email communication, as it is likely that threat actors may use the leaked information to create extremely effective phishing campaigns, Twitter warned. 

It is always advisable to be cautious of emails that convey a sense of urgency or emails that appear to be requesting private information from you. Always ensure that the email is coming from an authentic Twitter source. 

Twitter Feud with Apple Boss Resolved, Says Elon Musk


Twitter CEO Elon Musk has recently said that he and Apple boss Tim Cook have “resolved the misunderstanding” over Twitter being possibly removed from the App Store. 

The feud began earlier this week when Musk, in a series of tweets, accused Apple of halting most of its advertisements and threatening to remove the platform from its App Store. He added that this situation had become “a battle for the future of civilization.”

However, Apple’s chief executive tweeted on Wednesday that “Tim was clear that Apple never considered doing so.” He did not say whether Apple’s advertising was discussed in the meeting.

The meeting between the two CEOs came as numerous companies halted spending on advertisements on Twitter, due to concerns over Elon Musk’s content moderation plan.

This would apparently be a major setback for Twitter since Twitter relies on advertisements for the majority of its aggregate revenue. 

On Monday, the Twitter CEO accused Apple of “censorship,” while also criticizing its policies, particularly the levies it imposes on purchases made through its App Store. “Apple has mostly stopped advertising on Twitter. Do they hate free speech in America?” said Musk.

Later, Musk updated his Twitter followers that he was meeting with Mr. Cook at Apple’s headquarters, adding in his tweet: “Good conversation. Among other things, we resolved the misunderstanding about Twitter potentially being removed from the App Store. Tim was clear that Apple never considered doing so.” Meanwhile, Apple has not made any official comment on the said meeting. 

Weeks after Mr. Musk became the chief executive, Twitter lost at least half of its major advertisers. This amounts to an estimated loss of nearly $750 million to the social media giant, as reported by Media Matters, a non-profit watchdog.

Some of the major advertisers lost included General Mills and Pfizer. Musk also acknowledged that this defection has resulted in a “massive drop” in revenue, with the company losing $4 million per day.

Apple, on the other hand, is consistently one of the major advertisers on the social network company, spending over $100 million annually, as reported by Bloomberg.  

Users' Data Exposed Due to Twitter API Security Flaw

Cybercriminals started selling the user details of more than 5.4 million Twitter users on a hacking website in July this year after taking advantage of an API flaw that was made public in December 2021. Just as other researchers discovered a compromise affecting millions of accounts throughout the EU and US, a hacker just made this information available for free.

While the majority of the data was made up of publicly available details like Twitter IDs, names, login names, localities, and verified status, it also contained private details like phone numbers and email addresses. 

Security specialist Chad Loder was the first to reveal the story, but he was shortly suspended from the microblogging service. According to Loder, they contacted a sample of the impacted accounts and came to the conclusion that the information was accurate and the breach happened in 2021.

The information was first stolen from Twitter by exploiting a vulnerability in the service's application programming interface (API), but it is now freely available online. Twitter was open about the initial user ID leak and API attack that affected millions of users. The platform claimed at the time that it was alerting users who it could verify had been affected by the data leak.

The data of 5,485,635 active Twitter users was exchanged freely on a hacking site on November 24. The initial 5.4 million data points were distributed for free in a thread that appeared on BreachForums last week, and as of the time of reporting, the forum thread was still active. Although the forum thread highlighted the other 1.4 million from restricted accounts may still be spreading exclusively in private circles, Gizmodo was unable to confirm the veracity of the information.

A breach of 17 million users would be one of the larger user data breaches, though by no means the largest given that Twitter has more than 200 million active daily users.



Twitter Substitute: Mastodon is it Secure?

Mastodon, a Twitter substitute, has gained popularity as the Musk era gets underway, but is it more private and safe than Twitter?

Mastodon resembles a hybrid of Twitter and Discord. It is a microblogging network, like Twitter. It hosts hundreds of separate servers, unlike Twitter, and is decentralized.

Mastodon is self-funded and dependent on member donations and the administrator's goodwill. The servers are often run by volunteer moderators and focused on a single topic, such as politics or technology. Each has unique guidelines and a sign-up procedure. Users do not require special access to view posts and interact with others because users can join as many as they like and follow people across different sections.

The first error that people who switch from Twitter to Mastodon make is thinking that it will be a similar alternative.

Mastodon Security

Forbes spoke to numerous specialists who addressed security issues with Mastodon's architecture and potential programming flaws in an article published this week. 

"Mastodon isn't the cure many people abandoning Twitter may think it is," cautioned Cybrary's senior director of threat intelligence, David Maynor.

For your Mastodon account, enable two-factor authentication. Mastodon's design may have flaws, according to Melissa Bischoping, director and endpoint security research specialist at Tanium. The website is divided up into 'instances,' or separately maintained sections. In addition to developing the rules for each 'instance,' administrators are also in charge of the site's infrastructure and software.

User verification is another function that falls under the general security category. Because Mastodon consists of several distinct instances, independent servers managed by various admins, anybody can sign up at an instance where you are not registered and pretend to be you.

Finally, numerous instances have been created solely for the goal of testing security and reporting flaws and vulnerabilities, allowing the ethical hacking and bug-hunting community to continue to participate and enhance the security of the platform as it becomes more widely used.


Researchers Updated Twitter Data Breach as “More Harmful” Than Reported


Last year, Twitter exposed more than five million phone numbers and email addresses following a massive data breach. The research team of 9TO5Mac has been provided with evidence that suggests the same security vulnerability was exploited by multiple threat actors at the same time. Additionally, several sources have advertised the availability of the hacked data on the dark web for sale as well. 

This vulnerability was first reported back in January by HackerOne. Using it, anyone could enter a phone number or email address and then find the Twitter account associated with that number or email address. A Twitter handle can be easily converted into the internal identifier used by Twitter.

In practice, a threat actor would be able to construct a single database containing Twitter handles, email addresses, and phone numbers accumulated from the web.

When Twitter released an announcement in May, it confirmed that the vulnerability existed and had been patched, but it did not mention that anyone had exploited it. 

According to a Restore Privacy report, a hacker had indeed used the vulnerability to gain access to millions of accounts around the world, and had obtained personal information as a result.

There has been a massive breach of Twitter data, and not just one

In a Twitter thread yesterday, there was a suggestion that some threat actors had accessed the same personal data in more than one way. Having seen evidence of multiple breaches, 9to5Mac can now verify that this is indeed the case. 

The security researchers explained that, in a previous report, they had seen a dataset that contained the same information in a different format, and the source told them that it was "definitely a different threat actor." The researchers at 9to5Mac found that this dataset was just one of several similar files.

The majority of the data is based on Twitter users in the UK, most EU member countries, and several US states. 

The setting the security researchers refer to is buried quite deeply within Twitter's settings, and it appears to be on by default.

An estimated 500k records were downloaded within one hour by the bad actors, it has been reported. On the dark web, multiple sources have offered this data for sale for a price between $5,000 and $10,000.

It has been reported that a security expert's account has been suspended after tweeting about it. There was also another security specialist whose Twitter account was suspended the same day. Chad Loder, a well-recognized computer security expert, predicted Twitter's reaction within minutes of it being announced and it was confirmed by other experts. 

There is evidence that multiple hackers have obtained the same data and combined it with other data sourced from other breaches to steal the information.

Elon Musk is Planning to Develop an Alternate Smartphone

If Apple decides to remove Twitter from the App Store, Elon Musk has an easy strategy: to build his own smartphone.

Musk has changed a lot about Twitter since he joined at the end of October, including major staff cuts and firings that prompted managers in charge of data privacy and content moderation to resign.

In terms of content filtering, Musk fundamentally supports the right to free expression. Additionally, he apparently intends to attempt to make money for Twitter through explicit content. When Jack Dorsey was in charge, content filtering was more deliberate and concentrated on user 'safety,' outlawing obscenity, hate speech, and violence.

Musk was responding on Friday night to the conservative commentator Liz Wheeler, who had tweeted, "If Apple & Google expel Twitter from their app stores, @elonmusk should manufacture his own smartphone. The prejudiced, snooping iPhone & Android would be cheerfully abandoned by half of the country. A foolish little smartphone ought to be simple for the man who makes rockets to Mars, right?"

"I sincerely hope it never comes to that, but indeed, If there is no other option, I will develop an alternate phone," Musk said.

Phil Schiller, a senior Apple marketing executive who oversees the company's App Store, deactivated his Twitter account last week, which could be a terrible sign for Twitter. Schiller made the change after Musk criticized Apple's fees on Twitter, calling them a hidden 30% tax on the internet.

Twitter's Brussels Staff Sacked by Musk 

After a conflict over how the social network's content should be regulated in the European Union, Elon Musk shut down Twitter's entire Brussels headquarters.

Twitter's connection with the European Union, which has some of the most robust regulations controlling the digital world and is frequently at the forefront of global regulation in the sector, may be strained by the closing of the company's Brussels center. 

Platforms like Twitter are required by one guideline to remove anything that is prohibited in any of the EU bloc's member states. For instance, tweets influencing elections or content advocating hate speech would need to be removed in jurisdictions where such communication is prohibited. 

Another obligation is that social media sites like Twitter must demonstrate to the European Commission, the executive arm of the EU, that they are making a sufficient effort to stop the spread of content that is not illegal but may be damaging. Disinformation falls under this category. This summer, businesses will need to demonstrate how they are handling such positions. 

Musk will need to abide by the GDPR, a set of ground-breaking EU data protection laws that mandate Twitter have a data protection officer in the EU. 

The present proposal forbids the use of algorithms that have been demonstrated to be biased against individuals, which may have an influence on Twitter's face-cropping tools, which have been shown to favor youthful, slim women.

Twitter might also be obligated to monitor private conversations for grooming or images of child sexual abuse under the EU's Child Sexual Abuse Materials proposal. These proposals are still under discussion in the EU.

In order to comply with the DSA, Twitter will need to put in a lot more effort, such as creating a system that allows users to flag illegal content with ease and hiring enough moderators to examine the content in every EU member state.

Twitter won't have to publish a risk analysis until next summer, but it will have to disclose its user count in February, which initiates the commission oversight process.

Two lawsuits that might hold social media corporations accountable for their algorithms that encourage dangerous or unlawful information are scheduled for hearings before the US Supreme Court. This might fundamentally alter how US businesses regulate content. 

Apple Accused of Monitoring Users' Behavior Without Consent


According to a lawsuit, despite the fact that settings on Apple's iPhones and other devices are designed to prevent any tracking or sharing of app data, the corporation nonetheless collects, tracks, and monetizes user details even after users have turned off sharing.

When using the App Store app on iOS 14.6, each click users make is recorded and given to Apple, according to the thread posted last week by the Twitter account Mysk, which is maintained by two developers in Canada and Germany. 

The developers assert that this occurs regardless of users’ preferences and settings. The developers claim that "opting out or switching the personalization options off did not decrease the amount of detailed data that the app was transmitting." Apple provides a number of toggles designed to limit tracking.

In a follow-up report by Gizmodo, the developers discovered that, despite the privacy toggles, a number of additional apps, including Music, TV, Books, the iTunes Store, and Stocks, all transferred data to Apple. The site claims that the majority of the apps that transmitted analytics data shared constant ID numbers, which would allow Apple to follow user behavior across its services like the Health and Wallet apps.

Elliot Libman, the plaintiff, alleged that Apple's assurances that users have control over the data they provide when using iPhone apps are factually false and in violation of the California Invasion of Privacy Act.

The thread also notes how ironic Apple's alleged surveillance appears given that strong controls were introduced in iOS 14.5 to stop third-party developers from tracking users against their own will. Although the iOS 14.6 operating system has been around for more than a year, the researchers said they observed identical apps sending comparable data packets when using iOS 16.

The Twitter Blue Scandal Caused Eli Lilly to Lose Billions of Dollars


It seems that Twitter Inc. has suspended its recently announced $8 blue check subscription following a proliferation of fake accounts on its platform. However, the decision to suspend the service came too late for one pharmaceutical company due to how fast online accounts proliferated. 

American pharmaceutical giant Eli Lilly (LLY) lost billions of dollars after its stock plummeted on Friday due to a false tweet claiming "insulin is free now" sent on Thursday by a fake account, verified with a blue tick. 

A fake account impersonating Eli Lilly on social media promised free insulin as part of its promotion on Friday, according to The Star newspaper. The company's stock dropped 4.37 percent, wiping out over $15 billion in market capitalization.

In a tweet posted from its official Twitter account, Eli Lilly provided clarification regarding the matter.

A flood of fake Twitter accounts has sprung up since Elon Musk's revised subscription guidelines for Twitter Blue were announced. Eli Lilly is only one of the victims. 

Twitter's Blue Saga


AFP reported on Friday that Twitter took action to curb the proliferation of fake accounts seen since Elon Musk took over the company. New sign-ups for the newly introduced paid checkmark system on Twitter have been suspended, and some accounts have had their gray badges restored.

Before the new rules, the coveted blue tick used to be available only to politicians, famed personalities, journalists, and other public figures. It was also available to government organizations and private organizations.

The official Twitter account @twittersupport tweeted on Friday about restoring the "official" label on accounts to stop the flood of fake accounts. The tweet stated, "To combat impersonation, we have added an 'official' label to some accounts."

According to a memo sent internally to its employees and obtained by US media including The Washington Post, Twitter has temporarily disabled the feature to address "impersonation issues."

Twitter Drama Continues With Blue-Tick Confusion


Social media platform Twitter halted and later relaunched its premium services that offer blue-tick verification labels to subscribers paying $8 a month. The services became unavailable on Friday, after Twitter was flooded by a wave of fake user accounts that were approved.

The action was taken in response to a number of accounts impersonating company giants receiving a blue tick, which previously indicated that the platform had verified the user as real.

A Twitter user claimed to be the drugs firm Eli Lilly and said "insulin was free". Twitter did not comment.

The incident added to the concerns about how Musk’s leadership affects the spread of misinformation on the platform.

"We apologize to those who have been served a misleading message from a fake Lilly account," tweeted Eli Lilly, a few hours after the prank post went up on the internet on Thursday, reiterating the name of its real Twitter handle. Consequently, the firm’s shares fell up to 4% on Friday amid the confusion. 

Max Burns, a US-based PR strategist, says he had seen fake accounts carrying the verified blue tick badge, supposedly purchased via Twitter Blue, posing as support accounts for existing airlines and asking users who were trying to contact the airlines on Twitter to direct message the fake accounts instead.

"How long until a prankster takes a real passenger's ticket information and cancels their flight? Or takes their credit card info and goes on a spending spree?" he said. "It will only take one major incident for every airline to bail on Twitter as a source of customer engagement." 

Adding to the confusion, these fake verified accounts could cause major difficulties for advertisers, who have put their business with Twitter on hold. Musk's rocky run atop the platform, which has included laying off half its workforce and triggering high-profile departures, has raised questions about its survivability.

The imposters could be a major setback, even if the fake accounts are taken down quickly. 

They have created overwhelming reputation risk for placing advertising investments on the platform, says Lou Paskalis, a longtime marketing and media executive and former Bank of America head of global media. He adds that with the fake verified brand accounts, a picture emerges of a platform in disarray on which no media professional would risk their career by continuing to make advertising investments, and which no governance apparatus or senior executive would condone if they did.

Twitter’s Latest CEO Warned Employees 

Last month, Elon Musk made his $44 billion purchase of Twitter and swiftly set about overhauling the company. 

Musk has fired roughly 3,700 employees, almost half of the firm’s former staff, and pushed the firm to concentrate on finding ways other than advertising to generate revenue.

His first email to employees warned, "The road ahead is arduous and will require intense work to succeed [...] Without significant subscription revenue, there is a good chance Twitter will not survive the upcoming economic downturn."

Senior Twitter Officials Resigned Upon Elon Musk's Takeover

As we all know by now, a lot is going on at Twitter. 50% of the employees were laid off after Elon Musk took over the business. A couple more top executives quit the firm as Musk implemented measures to make Twitter profitable.

As pressure over Twitter's future and the unpredictable actions of its new owner, Elon Musk, grows, the company's chief information security officer, who held one of the most critical positions, announced his resignation on Thursday.

Robin Wheeler and Yoel Roth have resigned. At Twitter, Roth served as the Senior Director of Safety & Integrity, while Wheeler is in charge of the Client Solutions division. When rumors first surfaced, Roth acknowledged his departure while Wheeler underlined that she is still very much a part of Twitter.

The former CISO, Lea Kissner, stated in a tweet that they were eager to determine their next course of action. Kissner did not answer right away to a request for comment and did not publicly explain why they left Twitter.

According to a source with knowledge of the matter, Twitter's head of integrity and safety, Yoel Roth, also announced his resignation from the organization on Thursday. Roth became a prominent public figure in the days that followed Musk's purchase of the business, defending and explaining some of the numerous changes that were being made. On Wednesday, he participated in a Twitter Spaces discussion with Musk to allay worries about how the site will handle harmful content in light of the modifications.

On Thursday, the billionaire held his first meeting with the workers who weren't affected by the layoffs. Musk issued a dire warning during the meeting, ordered staff to report daily, and banned remote work. All employees are required to put in 40 hours a week in the workplace, he continued, with the only exceptions being those who are physically unable to travel to an office or special circumstances approved by the manager.

Their resignations are the most recent illustration of the internal unrest that has gripped Twitter in the wake of the company's massive layoffs. The employee's post also asserted that Musk's emphasis on monetizing the site would endanger users who are particularly vulnerable, such as political dissidents and human rights campaigners.

The employee stated Musk seemed unconcerned about Twitter's potential culpability before the FTC, which was implied in the message, and it even hinted that it would put Twitter's own staff in legal danger.


Twitter Users Switch to Mastodon. What Next?


Mastodon, a platform similar to Twitter, is gaining popularity

In the aftermath of Elon Musk taking over Twitter, a few users have been turning to alternative platforms. Mastodon is one of the biggest beneficiaries. But what is it? Let's read more about it.

In terms of appearance, Mastodon looks like Twitter: account users write "toots" (meaning posts), which can be liked, re-posted, and replied to. The users can also follow each other. Beneath the surface, however, it works differently.

This is one of the reasons why the platform is attracting a lot of users, but it has also raised some doubts for new users signing up. The platform is six years old, but its current rise is unbelievable, and it is being overwhelmed by new followers every day. Here's everything you want to know about it.

Selecting servers

The first thing a user has to do after signing up is select a server, and there are many. The themes vary by country, city, or interest, such as UK, social, technology, gaming, etc.

It doesn't matter which server you are using, as you can follow users from any server. However, your server gives you a familiar community that will share similar content, the kind you might be interested in. Popular ones, like social and UK, are currently running very slowly because of the high demand.

How to find people? 

The server you select becomes part of your username. For instance, if you are using your current Twitter handle "XYZ" on a UK server, the username will be @xyz@mastodonapp.uk. This is your user address, which people can search for to find you on the app. If you're on the same server, you can find a person using their name, but if they are on another server, you will need their full address.

In this respect, it is different from Twitter: Mastodon will not recommend users you might be interested in. You can also look for hashtags.

Moderation of Mastodon

Zoe Kleinman, a writer at the BBC, says:

"This is a real hot potato. At the moment all the servers have their own moderation rules, and some have none. Some servers are choosing not to link to others that are full of bots or seem to have a high quantity of hateful content - this means they will not be visible to those on the servers where they are blocked. Posts can also be reported to the server owners."

In cases of hate speech or illegal content, the owners can remove it, but that does not guarantee that the content is removed from everywhere.

If Mastodon continues to grow, it can become a major issue. There have already been cases of people being targeted via hateful content, and the use of homophobic harassment. 

What about the ads?

No, there are no ads. But you can promote your company or services, as there are no regulations. Mastodon also doesn't have a curated experience like Twitter, where you view posts on the basis of what your followers are talking about. 

Is it paid or free?

It depends on the server you are using. Some ask for donations, as they don't get paid, but a large part of it is free.

Hackers Could Find a Heaven on Elon Musk's Twitter

 


The ransomware group Yanluowang, which has compromised high-profile companies, appears to be on Twitter now, using its newly created account to announce that it has breached the systems of the messaging platform Matrix.

Yanluowang is one of several cybercrime groups that have been active on Twitter in recent months, and the platform's takeover by Elon Musk, who has promised a more laissez-faire approach to content moderation, could make it an even more attractive environment for cybercriminals to operate in.

It was recently reported that Yanluowang, the cybercrime group known for targeting financial services companies with its malware, had started tweeting. As far as we understand from the account, it appears to have been used to display data that the group steals from its victims. The first of these is Matrix, an open messaging protocol used by 60 million people worldwide. It was breached last week by the gang, which is claiming responsibility for the theft.

On the Twitter page, six links appear to provide access to leaked data from the Matrix messaging platform, including "chief coder and saint thread" and "master stealer task." A member of the Tech Monitor team has reached out to Matrix for comment.

Tweets are a favorite of ransomware gangs

Yanluowang is not the first group of criminals to use Twitter as an outlet to promote data stolen using ransomware.

Several groups, including Karakurt and BlackByte, have created Twitter profiles for themselves to make their illicit merchandise more widely known to the world. Yanluowang's page appears to be still up, though both of those appear to be suspended, at least for the time being. A website set up by Karakurt on the open web was also used to sell their data to the highest bidder at the time of the hack.

This method of data extortion is so common, even though it may prove to be short-lived and risky, because cybercrime gangs experimenting with it need somewhere public and with a large reach where they can advertise their stolen data, according to Allan Liska, an intelligence analyst at Recorded Future.

Liska told Tech Monitor in August, "Not everyone has a Tor browser, and Karakurt needs to be able to earn money as much as it can whether or not it can make any money from where it's getting its data," if it wants to succeed. "Essentially, if you are trying to extort someone, you cannot make it difficult for them to obtain the data if your aim is extortion."

A hacker could be attracted to Elon Musk's Twitter

In the wake of Elon Musk's acquisition of Twitter for $44 billion, Twitter is currently experiencing a period of upheaval that might last for years to come.

It has been confirmed that Tesla CEO Elon Musk is now working for Twitter as its "Chief Twit" after completing the takeover of the company on Friday, following several months of legal proceedings. In the very public wranglings that preceded the deal, Musk expressed his intention to make Twitter into an environment where freedom of speech flourishes, referring to himself as a "free speech absolutist." As a result, the site is believed to be about to change the way it moderates content. In the days leading up to Musk's takeover, there was reportedly an increase in hate speech on the platform.

Hackers could reap the benefits of this, as they would be able to maintain accounts to advertise their illegal activities on the internet. Jason Steer, CISO at cybersecurity vendor Recorded Future, says that this is a possibility that can be just as easily nailed down. In his opinion, hackers will continue to exploit other platforms like Telegram to promote their work and sell stolen data for decades to come, but he does believe that "[Twitter's current issues] could be an opportunity for them."