05/10/2020

Following the Twitter breach that allowed attackers to access internal admin tools and take over several prominent accounts last week, the company has now revealed that the attackers also accessed DMs belonging to 36 out of the 130 affected users, including one elected official in the Netherlands.
This simply won't do at a time when Twitter is a trusted communication platform for hundreds of millions of people around the world, as well as for global leaders. The debate around what sort of damage hackers could do by tweeting incendiary messages from the verified accounts of powerful people rages on, but it's clear that they could do more harm by snooping on private correspondence.
US Senator Ron Wyden raised this concern last week in a statement, noting that he'd discussed the issue back in September 2018 with Twitter CEO Jack Dorsey. The company is said to have been working on end-to-end encryption (E2EE) for DMs as far back as May 2018, but there's still no sign of that feature on the horizon.
In a post this week, the tech policy-focused nonprofit Electronic Freedom Foundation (EFF) highlighted the dangers of unsecured DMs in its call for E2EE to be implemented on Twitter's messaging service:
because they are not end-to-end encrypted, so Twitter itself has access to them. That means Twitter can hand them over in response to law enforcement requests, they can be leaked, and, in the case of this week's attack, internal access can be abused by malicious hackers and Twitter employees themselves.
We don't need any more signals that this is the logical next step for Twitter in the evolution of its product. As the tool of choice for so many voices, both those in power and those fighting the abuse of power, it's now obliged to secure their communications just as so many other companies have.