It’s Time to Rethink How You Use Twitter

Yesterday’s giant security breach on Twitter led various high-profile accounts – from Bill Gates to Barack Obama to even the eternally silent Apple – to tweet a scam urging people to send money to an anonymous Bitcoin wallet. There was nothing you could have done to prevent one of the biggest social media hacks we’ve seen in a while, but there are steps you can take right now to protect yourself from future disasters.

Well, other than deactivating your Twitter account, of course.

What the hell happened to Twitter?

Twitter really, really messed up this time around. There is no question about it. I’m sure brands, influencers, and famous people are furious that their security measures were bypassed – even the stricter protections that Twitter imposes on high-profile accounts – and that fraudulent messages were posted on their behalf.

To rephrase: successful fraudulent messages. The Bitcoin address associated with the message that appeared on the hacked accounts received a fair amount of donations from gullible users. (This brings me to my first tip after the Twitter disaster: no one on the internet wants to give you free bitcoins or money, especially when they ask you to give them money first. Come on, people.)

Is there anything I can do to prevent such an attack?

I’m less interested in the story behind the hack than in its aftereffects. Because even if you did everything right – a strong password, two-factor authentication, disabling access for third-party apps you no longer use, and enabling password reset protection – you could still have been a target of this attack. It was that severe.

Deleting Twitter is definitely one option, but it doesn’t seem like the best option. Like it or not, it is the de facto communication platform for real-time updates around the world. Twitter is an incredibly useful source of information on everything from protests to the weather to, sadly, international diplomacy and other dire political decisions. It allows people who would never normally meet to engage in dialogue, although its very existence means that everyone, including those with deplorable views, gets a mouthpiece and unlimited potential for amplification.

If you give me a second to get off my soapbox – and in fact many people threaten to leave social media but never do – I’ll list some of the steps you should take if or when you plan to continue using Twitter.

Clear your Twitter feed

I used to have a theory that publishing your personal life online for the public to see also creates an incredibly useful archive of memories, thoughts, and feelings for various moments in life. Poetic. However, the longer I stayed on social media, the more I realized that I didn’t give a damn about discovering meaningless memories of the past.

I never look back to see what I tweeted in, say, 2014, and I don’t think I will ever need or want to take a trip down digital memory lane for something from the past. Strong memories tend to stay with the person; fancy tweets about me ordering Taco Bell years ago are useless. That, and I also really don’t need or want people to look at what I tweeted years ago and get sad about my shitposting.

So, I delete my old tweets. We’ve covered how to do this earlier, and I’m happy to report that my new favorite (but fussy) tool, Semiphemeral, does a pretty good job of killing old thoughts you’ve posted on Twitter (as well as your various likes and retweets). There are tons of other services I haven’t tried, such as the simpler TweetDelete, so you have many options if you don’t like some of our recommendations.

Will this prevent someone from hacking your account in the future? No. But when they get in, will they be able to download your entire digital life and sort it out? Nope. (Anyway, would anyone really want to do this? Who knows.)

The point is a different one: why hand services data that you no longer need or want? Don’t let it live forever; extinguish it.

Delete your direct messages on a schedule

You probably haven’t posted a lot of critical content on Twitter publicly, but who knows what you’ve shared or sent in private messages. If someone gains access to your account, you probably don’t want them to be able to see your private messages. However, if you are like me, you have never actually pruned or trimmed your old private conversations – why bother when you can just do nothing and forget about them?

For security reasons, I recommend that you regularly delete your private messages. If you know that you will never need to refer to an old conversation, why leave it around for no reason? At worst, it is a security threat; at best, an inconvenience. (And while Twitter doesn’t really get rid of them, at least whoever logs into your account won’t be able to benefit from what they contain.)

Bad news? I haven’t found a great tool yet that does this for free. DM Destroyer is an option, but it will set you back $5 – the price of a coffee, but also a deterrent for those who don’t want to pay to manage their content. I think it’s worth it, but that’s just me.

You can also try Twitter Archive Eraser, but there is no guarantee that it will be able to delete your private messages (as described in the appendix). There is a free version that you can try, but you’re limited to content from the past six months – no use if you want to destroy everything without paying for the privilege.

There is always the manual way, which involves “leaving” every direct message (Twitter’s version of deletion). It is tiring, but it will save you.

That’s it?

Yeah. In the case of this “hack,” which was actually more of a feat of social engineering and/or outright bribery than anything else, there was nothing more you could have done to protect your account. Great password? Two-factor authentication? They don’t do much good when someone gets superuser access to Twitter systems (or whatever ends up having happened on a technical level this time around).

Do I suspect this situation will repeat itself on Twitter? Not really. There will be a big review of Twitter administrative access, which will undoubtedly involve reinvesting in the security hardware that must be physically present on the system in order to perform any basic operations with Twitter’s internal tools. Also, be prepared for more checks.

Would I like Twitter to roll out a similar security setting for users, one that required the presence of a physical device before you could do anything with your account? Sure, but then again, it doesn’t really matter as long as the enemy comes from within. Protecting against people trying to hack your account is one thing; it’s much harder to keep yourself safe when the king or queen of the castle is chasing you.

This is why I prefer my method. Instead of trying to prevent attacks that you really can’t mitigate, just make your account so stripped of useful information that even someone who hacks it can’t do much with what they get.

It won’t help you if someone hacks into your account and sends nonsense. All you can do is hope that your followers are smart enough to know what is from you and what is not.

However, Twitter shouldn’t get a free pass for this, given how serious this attack could have been. (It is a miracle that we are not in the Third World War now.) Still, you can rest easy knowing that there really wasn’t much more you could have done to stop it. Only you can decide whether this will be the last straw, or whether you are comfortable coming back for more.
