As USA Today reports, one source of concern relates to Musk’s stated plans to transform Twitter into an “everything app.” While prior Twitter breaches compromised email addresses and phone numbers, selling products or services would involve collecting users’ payment information—and cyber pros said the company needs to gain trust that such data will be safe.
Peter Singer, a strategist at left-leaning think tank New America, wrote for Defense One that some of the cybersecurity risks of Musk’s Twitter takeover stem from the mercurial tech honcho himself. Singer notes that Tesla—another company where Musk serves as CEO—depends heavily on staying in the good graces of authoritarian China. Singer points out that Saudi Arabia’s rulers are also Twitter’s second-biggest shareholders.
What’s more, Singer contends, Musk’s track record on cybersecurity is particularly abysmal—“worse than Tesla’s autopilot.” Breaching a Tesla has been commonplace at hacker events for a decade, and the company allegedly has failed to stay ahead of bad actors.
As The Washington Post reports, Twitter has plenty of pre-existing cybersecurity issues. Prominent cybersecurity player and Twitter whistleblower Peiter “Mudge” Zatko said the company failed to safeguard user data and even deceived the Federal Trade Commission, although Twitter has denied the claims and attacked Zatko’s job performance.
Musk’s publicly stated views are shifting and unpredictable, but recently announced job cuts at Twitter represent another security concern, experts say. And it remains to be seen how Musk’s plan to charge a subscription fee for Twitter’s blue “verified” check marks will affect security. As The Hill reports, Christopher Krebs, first director of the Cybersecurity and Infrastructure Security Agency, said that the plan would “create a very chaotic environment” empowering threat actors.
Cybersecurity pros do seem to have formed a near-consensus in favor of one aspect of Musk’s apparent goals for Twitter. He has called for encrypting the service’s direct messages, a move that cybersecurity wonks have long supported.