The FTC investigation's specific concern with the Musk era is whether the company is retaining adequate resources to fund and staff the privacy practices it remains obligated to maintain under a 2011 FTC settlement.
Twitter cites abuse of the text messaging 2FA option by bad actors as the reason for the change in policy. The service will still allow free use of authentication apps or hardware security keys as an additional account security layer.
Twitter Now Claims Data Leak of 200 Million Profiles Was Phony, Data Set Was Assembled From Pre-Existing Sources
Security researchers had matched email addresses to account names, providing an indication that the data leak was legitimate, but Twitter says that the data was gathered via a variety of publicly available sources.
Irish DPC Adds Late December Data Breach of 400 Million Twitter Users To Existing Probe of API Vulnerabilities
The Irish DPC probe centers on an API vulnerability that appears to have been exploited by multiple parties before being detected and remediated. The data breach first came to light in August and was acknowledged by Twitter.
Data Leak Exposes Private Profile Information of 5.4 Million Twitter Users, Dumped for Free on Underground Forum
A vulnerability in Twitter's API in 2021 caused a data leak that exposed private user profile information of at least 5.4 million users. The information is now available for free via a dark web forum.
The now-public whistleblower allegations that Twitter may have active foreign spies on its payroll are sure to raise concerns about insider threats at companies everywhere. But focusing only on potential spies is a mistake.
Whistleblower Report Slams Twitter Security and Privacy Practices, Asserts Company Deceived Public and Is Employing Foreign Agents
A shocking whistleblower report from Peiter ‘Mudge’ Zatko, a well-known cybersecurity expert who served as Twitter's head of security from mid-2020 to early 2022, asserts that the company is "grossly negligent" in "several areas" of information security and privacy protections.
The problem stems from developers failing to remove the Twitter API keys they use for authentication from the app before they release it to the public. This creates the possibility of account hijacking.
The primary concern with Twitter’s zero-day security breach is that authoritarian governments might tie names to the anonymous accounts of activists, political opposition and journalists they are targeting.
$150 Million Fine to Twitter Over Privacy Violations; Email and Phone for “Account Security” Used in Targeted Advertising Without User Knowledge
Twitter has in recent years begun periodically requiring phone number checks for "account security." What users have not always been aware of is that these items have been added to Twitter's internal personalized advertising system.