Twitter Utilized User 2FA Phone Numbers For Ad Targeting

Twitter isn’t having a good year.  Over the past twelve months, the company has fessed up to half a dozen bugs and blunders that have left it with egg on its face and have earned the ire of its burgeoning user base.

In late 2018, the company disclosed a bug that shared a variety of private user data with third party app developers.

Then in January 2019, the company disclosed the existence of a bug that had been sharing a small percentage of private tweets going back more than five years.

Then in May 2019, the company disclosed a new bug that shared the location data of an unknown number of iOS users with “a trusted partner.”

On top of that, the month of August 2019 saw the company fess up to two separate issues. One involved sharing user data with advertising partners without its users’ express consent. The other involved advertisers making inferences about a user’s device in order to custom-tailor advertising, again without the express consent of the users.

Which brings us to this most recent blunder.  According to a spokesperson for Twitter, the company used phone numbers provided by its user base for two-factor authentication, along with email addresses, to display targeted ads.  This is the exact behavior that Facebook recently got raked over the coals for.

It gets worse though, because the company apparently has no data, and no way to tell exactly how many of its users saw their information exposed and misused in this manner.

The company issued a formal statement, apologized for the error, and said that the issue had been fixed as of September 17th.  That’s small consolation to their users, for whom this kind of thing is fast becoming the norm.  It’s enough to make some people rethink using the platform altogether, and rightly so.

 

Twitter Will Soon Release New Features With Update

Twitter recently announced the addition of a new “Hide Replies” feature, which will give the platform’s users a bit more control over conversations that stem from the tweets they make.

Twitter Senior Product Manager Michelle Yasmeen Haq had this to say about the new addition:

“With this feature, the person who started a conversation could choose to hide replies to their tweets.  The hidden replies would be viewable by others through a menu option.  We think the transparency of the hidden replies would allow the community to notice and call out situations where people use the feature to hide content they disagree with.”

This is the latest in an ongoing series of moves designed to improve the platform and help separate legitimate content from fake, spammy, scammy or abusive content.

According to a recently posted announcement, some of the changes ahead include:

  • An update to the company’s Terms of Service in a bid to simplify them.
  • The addition of more notices within the Twitter system itself to provide clarity and context, important in cases where a Tweet breaks certain rules but remains on the system because the content is in the public interest.
  • Streamlining the process of reporting to make it less burdensome for users who are reporting abusive Tweets to system administrators.
  • Further improvements and refinements to Twitter’s processes relating to content review, with an eye toward positioning the company to respond more quickly when abusive behavior is reported.

In recent years, Twitter has struggled against an onslaught of fake accounts that have been used to spread a variety of wildly inaccurate information, and the company has been working hard to counter the threat.  They’ve been making progress, but clearly there’s still more work to be done.  The changes above are widely considered to be a powerful step in the right direction, although few are convinced that those things alone will be enough.

Social Media Is Big Business For Criminals

The rise of Social Media has been a game changer for businesses around the world, creating opportunities for customer engagement that were previously unimaginable.  Unfortunately, business owners aren’t the only ones reaping the benefits of Social Media.  The hackers of the world are in on the game too, and for them, Social Media represents a giant piggy bank that they’ve only begun tapping into.

Even now, in the early stages of cybercriminal attacks on Social Media, the payoffs have been enormous. Social media attacks have been netting criminals a staggering $3.25 billion a year.  As shocking as that figure might be, it’s important to remember that cybercrime on Social Media is a relatively new phenomenon.  Between 2013 and now, the number of cybercrime incidents involving social media has quadrupled.

The attacks take many forms, but one way or another, they come down to abusing the trust that is so essential for a functioning Social Media ecosystem.

Some attackers set up scam pages hawking illegal pharmaceuticals. Others gravitate toward cryptomining malware, while others still ply the Social Media waters intent on committing digital currency fraud or feigning a romantic connection to get money and personal information from their victims. Even if you’re one of the rare companies that doesn’t have a significant Social Media presence yet, that doesn’t mean you’re safe from harm.

Gregory Webb, the CEO of Bromium, recently spoke on the topic, outlining a danger that many business owners are simply unaware of.

“Social Media platforms have become near ubiquitous, and most corporate employees access Social Media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals.  Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets.”

In light of this, it’s probably well past time to sit down with your employees and make sure they’re aware of the risks they’re exposing you to when they access Social Media accounts at work.