Twitter C-Level Resignations Continue As Blue Program Creates New Cyber-Risks
Several of Twitter’s C-level security and privacy executives have resigned following the chaos that ensued from the Elon Musk acquisition of the social media platform.
“I’ve made the hard decision to leave Twitter,” said the company’s now-former chief information security officer Lea Kissner in a tweet on Thursday.
“I’ve had the opportunity to work with amazing people, and I’m so proud of the privacy, security, and IT teams and the work we’ve done.”
Twitter’s chief privacy officer and compliance officer have also left the company over the last two days, citing concerns that the rollout of new features on the social media platform without the security reviews required by a Federal Trade Commission (FTC) consent decree could spark regulatory issues.
“We are tracking recent developments at Twitter with deep concern,” said Douglas Farrar, the FTC’s director of public affairs, who had confirmed the concerns.
“No CEO or company is above the law, and companies must follow our consent decrees. Our revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”
Additionally, the massive reduction in the labor force and the recent resignations by C-level cybersecurity and privacy executives will create a vacuum, according to Tom Kellermann, senior VP of cyber strategy at Contrast Security.
“Lack of investment in cybersecurity and content moderation will allow for cyber spies and cartels to launch targeted cyber-attacks from the platform,” Kellermann told Infosecurity.
“Confusion over security policies and new management of the platform will be used by attackers to drop payloads and attacks, not just disinformation.”
One of the controversial features hastily introduced by Twitter is the now-infamous Blue program, which grants users multiple benefits for $8 a month, including the much-sought-after blue badge (formerly used to verify notable personalities and organizations).
“The new method of verification makes a mockery of the system, and we are already seeing scammers take advantage of it,” said Jake Moore, global cybersecurity advisor at ESET.
“Fraudsters can now very easily dupe people into believing they are authentic, and many could fall for scams or spread misinformation very quickly.”
Moore also told Infosecurity that, apart from checking follower counts, it is now challenging to carry out further due diligence on account holders, which poses a considerable threat to users and to their ability to judge what is genuine.
“Users must take active caution when using the site now and steer clear of any requests for personal information or credentials. It is also worth noting that Twitter Blue will not contact you via an email requesting payment details as this can only be carried out via the app.”
Case in point: earlier this month, Twitter users with “verified” status were bombarded by phishing attempts via email and on the platform itself.