Secret Twitter Accounts Are Not What You Think

Do you have a Twitter account?  Have you been patting yourself on the back while assuming that your identity was a secret, allowing you to ply the waters of Twitter in anonymity?

Unfortunately, that’s probably not the case.  Recently, Twitter disclosed the existence of a critical security vulnerability that allows someone to discern whether a specific phone number or email address is associated with an existing Twitter account.

The company’s blog post related to the matter reads in part as follows:

“In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any.”

So much for anonymity.
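The class of flaw described in Twitter's statement, shown as an added example that is not Twitter's code. A hypothetical lookup handler that names the linked account sits beside one that answers identically whether or not a match exists; all names and sample data are constructed.

```python
# Added illustration of the bug class; a hypothetical service, not Twitter's code.
# Constructed sample data: contact identifier -> account handle.
ACCOUNTS = {
    "alice@example.com": "@night_owl_42",
    "+15550100": "@anon_gardener",
}

GENERIC = {"status": 202, "body": "If an account matches, its owner has been notified."}


def normalize(identifier):
    return identifier.strip().lower()


def lookup_leaky(identifier):
    """Behaves as the statement describes: the response names the linked account, if any."""
    handle = ACCOUNTS.get(normalize(identifier))
    if handle is None:
        return {"status": 404, "body": "no account found"}
    return {"status": 200, "body": "account: " + handle}


def lookup_uniform(identifier, outbox):
    """Returns one fixed response; account details go only to the address or number itself."""
    ident = normalize(identifier)
    handle = ACCOUNTS.get(ident)
    if handle is not None:
        # Out-of-band: only whoever controls the identifier sees the handle.
        outbox.append((ident, "Lookup requested for " + handle))
    return dict(GENERIC)


def is_oracle(lookup, registered, unregistered):
    """Regression check: True if the caller can tell the two cases apart."""
    return lookup(registered) != lookup(unregistered)


if __name__ == "__main__":
    sent = []
    print(is_oracle(lookup_leaky, "alice@example.com", "nobody@example.com"))
    print(is_oracle(lambda i: lookup_uniform(i, sent), "alice@example.com", "nobody@example.com"))
```

The check compares response bodies only; a real handler would also need matching response times for the two cases.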

Apparently, the flaw in the system arose from a code update that the company performed back in June of 2021.

The flaw existed in the code for a total of seven months before Twitter engineers discovered and fixed it. During that time, someone exploited it.  Data tied to more than 5.4 million Twitter users was found for sale on the Dark Web, with the hackers charging a hefty $30,000 (USD) for access.

Twitter has announced that they’ve begun the process of reaching out to any user whose data was compromised.

If you are contacted by Twitter regarding this issue, there’s really nothing to be done about the exposure itself. Your information is out there. Still, out of an abundance of caution, it would be wise to change your password. If you use the same password on Twitter that you use elsewhere on the web, change those passwords too.

While we’re on that topic, if you are in the habit of using the same password across multiple web properties, now would be an excellent time to develop a new password habit.

New Phishing Scams Using Twitter Account Emails

Hackers around the world are increasingly targeting verified Twitter accounts with emails designed to pilfer your Twitter login credentials.

Verified Twitter accounts differ from standard Twitter accounts in that they sport a large blue check mark next to the user’s name, which indicates that the person who owns the account is someone of considerable influence on the platform.

To be considered for verified status, you must formally apply for verification, which involves sending the company additional information, including website references and pictures of your photo ID.  There’s even an “essay portion” to the process that requires you to tell the company in your own words why your account deserves to be “notable.”

If that all sounds a little over the top to you, you’re not alone, and it is one of the reasons why there are comparatively few verified accounts.

Even so, if you decide you simply must have one, be aware that hackers are watching. They’ve been increasingly targeting anyone with the big blue check mark because those accounts can be resold for more money.  The accounts typically have lots of followers attached to them, which means that the hackers can potentially get their hooks into even more people.

The latest campaign looks something like this:

You’ll get an email stating that you’ve got a new notification from Twitter Verified, which sounds fairly official.

The email in question contains a button labeled “Check Notifications.” Unfortunately, when you click it, you’ll be asked to enter your Twitter login credentials to verify that it’s really you.

Naturally, entering your credentials here has nothing to do with verifying your identity.  What you’re typing in is a simple capture box controlled by the hackers, allowing them to pilfer your login details and then abuse them.

Don’t fall for it.  Your best bet is to assume any email from a company is fraudulent. Instead of clicking on links, surf your way to the company’s website directly.  That’s still not a bulletproof solution, but it will reduce your risk to something pretty close to zero.

Twitter Increasing Privacy With Stricter Picture And Media Sharing

Recently Twitter’s CEO stepped down. Since then, the company has been gearing up to make some changes that many of the industry’s insiders regard as long overdue.

The first of these changes has now been rolled out with the company modifying its privacy policy and outlining new rules related to the sharing of pictures and videos. The company explained the change and the rationale behind it in a recent blog post.

Their recent blog post reads in part as follows:

“Sharing personal media, such as images or videos, can potentially violate a person’s privacy, and may lead to emotional or physical harm.

The misuse of private media can affect everyone, but can have a disproportionate effect on women, activists, dissidents, and members of minority communities. When we receive a report that a Tweet contains unauthorized private media, we will now take action in line with our range of enforcement options.”

The company does understand that sometimes users may share photos and/or videos in a bid to help a third party in a crisis and their new policy does include some provisions to try and assess those on a case-by-case basis.

In the same blog post the company had this to say about cases like that:

“In such cases, we may allow the images or videos to remain on the service.

For instance, we would take into consideration whether the image is publicly available and/or is being covered by mainstream/traditional media (newspapers, TV channels, online news sites), or if a particular image and the accompanying tweet text adds value to the public discourse, is being shared in public interest or is relevant to the community.”

These are good changes overall. It will be interesting to see the early results of the company’s case-by-case assessment where those exceptions are concerned. In any case, kudos to Twitter for taking some important steps in the right direction.

Twitter Will No Longer Auto-Crop Photos On The Web

Twitter hasn’t had a very good relationship with auto-cropping. Images just haven’t historically displayed very well on the platform.

Fortunately that is soon changing. The company recently announced that it is dropping crop on the web altogether on both its Android and iOS apps.

It may seem like a small change, but Twitter’s auto-cropping algorithm was at the heart of a controversy last year. That was when it was pointed out that there was evidence that the company’s auto-cropping algorithm favored white faces over black faces, resulting in black faces getting cut out and white faces displayed more prominently.

Research into the issue revealed a minor bias, but the issue wasn’t as serious as was being described. The company nonetheless decided to disable the feature, and now it seems that it’s going away for good.

The coolest aspect of the change is that rather than getting a clumsily cropped image preview of your tweet, viewers will get to see the entire image. That matters especially if you’re in the habit of posting memes, which often lose much of their punch and impact if you can’t see the whole thing. Worse, relatively fewer people are likely to click on your tweet to see the complete image if it’s cropped in such a way that it’s hard to tell what it is.

We applaud Twitter’s decision here. They weren’t very good at auto-cropping anyway. Abandoning the feature makes the platform richer and more interesting. That’s the kind of thing that attracts users and advertising dollars. So kudos to Twitter all around.

It’s also great from a marketing perspective. So if your business leverages the power of Twitter, there’s even more to smile about. You won’t have to worry that your image-heavy advertisements and branding tweets are getting cropped in inconvenient ways.

Twitter Rolls Out New Paid Plan Called Twitter Blue

One of the things that has allowed social media platforms to grow so quickly and utterly dominate the internet is the fact that they’re free to use.

They’re not completely free, however, because users are required to give up a lot of personal information. The bottom line is that there’s no monetary cost involved, which makes them attractive.

Twitter is attempting to break that mold. The company recently announced the roll-out of Twitter Blue in the US, New Zealand, Australia, and Canada. Twitter Blue is a premium service priced at $2.99 a month, which is functionally similar to the Twitter you’re currently using with a few key upgrades and enhancements.

Twitter Blue Includes:

  • An “Undo Tweet” feature that allows users to take a Tweet back if they decide maybe they shouldn’t have posted it after all, provided they make use of the function within sixty seconds of posting the Tweet to begin with
  • No advertising for stories accessed through the site
  • Customizable pages
  • Customizable feeds

Twitter had this to say about the new service:

“We’ve been listening to and learning from the most passionate and vocal people on Twitter as to what will make their experience more customizable, more friction-less, and simply put — better. We’re invigorated by the feedback we’ve received so far. The work continues and there’s a lot more to build, but in the meantime here’s the latest look inside Twitter Blue.”

It’s a bold idea, but it’s also a risky move. With so many social media alternatives out there, it’s unknown how well a Twitter subscription service will be received. One thing that could make it more attractive is a better and more robust moderation system, but there will no doubt be at least some users who are sufficiently invested in Twitter to try it out.

In the long run the market will survive. The best outcome for Twitter is, of course, broad-based acceptance of the idea. That will lead to other platforms doing something similar. The worst case is that users will be so put off by the notion that they’ll abandon Twitter altogether. That will almost certainly prevent others from even experimenting with paid versions of their services. Time will tell.