Date: 2020-07-26

A major hacking effort recently disrupted a number of high-profile Twitter accounts, including those of Joe Biden, Bill Gates, Elon Musk, Apple, Uber and more.
Using an internal tool meant for employees, unidentified hackers gained control of the accounts, posting messages requesting cryptocurrency.
But the hackers also had access to the private direct messages of the affected accounts, a major security and privacy breach. All the more frustrating is that Twitter could have prevented that exposure by offering end-to-end encryption of direct messages sent via its service.
Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation, a digital privacy nonprofit, tweeted after the hack that “Twitter wouldn’t have to worry about the possibility that the attacker read, exfiltrated, or altered DMs right now if they had implemented e2e [end-to-end encryption] for DMs like EFF has been asking them to for years.”
EFF has been calling for Twitter to implement end-to-end encryption since 2018, explaining that the technology “ensures that a message is turned into a secret message by its original sender and decoded only by its final recipient. That means nobody but the end users would be able to read those messages.”
End-to-end encryption has become a prominent feature of messaging apps like WhatsApp, Signal and iMessage. And given how Twitter has become an invaluable tool for activists, dissidents and journalists to communicate, many believe the platform should get on board with the technology. Some, including privacy champion Sen. Ron Wyden, R-Ore., wonder why Twitter has not implemented end-to-end encryption.
In a statement released following the hack, Wyden said he met privately with Twitter CEO Jack Dorsey in September 2018, before congressional testimony that same month. “During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages,” Wyden said. “It has been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access.”
Wyden added that if the hackers gained access to users’ direct messages, “this breach could have a breathtaking impact.”
Twitter should have to answer to users, investors and lawmakers as to why it failed to implement commonsense privacy measures that could have added another layer of security in the event of a breach like the one that occurred.
In the meantime, those using Twitter for privileged communications might want to consider going elsewhere.
Pittsburgh Post-Gazette