For years, Twitter has wielded a disproportionate amount of influence relative to its actual size. Platforms like Facebook, Instagram and YouTube dwarf Twitter’s user base, but Twitter has long been a go-to platform for politicians, executives, celebrities and journalists to make news and shape culture. It’s that influence, and the long list of big names actively on the platform, that may only lead to greater attention from hackers.
“If you’re able to compromise blue check mark users [verified accounts], that carries a lot of weight,” said Katie Moussouris, founder and CEO of Luta Security.
Some of these verified accounts, including many of the ones compromised on Wednesday, have millions of followers, the power to move markets and influence world events, making them incredibly valuable targets for hackers.
Because information on Twitter spreads so quickly, it also makes the service attractive to bad actors. “Twitter by nature is intended to be like a wire service,” said Douglas Schmidt, a professor at Vanderbilt University and cybersecurity expert. “Its reach is even greater in real time than Facebook’s.”
To make matters more complicated, Twitter has fewer resources than a company like Facebook, which has a market valuation more than 20 times greater than that of Twitter. As of the end of March, Twitter had more than 5,100 employees worldwide, while Facebook had 48,268 employees globally.
Other companies may have more sophisticated security systems in place, where no single person has access to sensitive information and accounts or controls without other checks and guardrails, Schmidt said.
Twitter did not immediately respond to a request for comment.
“Good cybersecurity is so often getting the basics right over and over again: strong passwords, good multi-factor authentication … a willingness to test systems until they break to learn how to improve them, and more. It may be that Twitter has some work to do on this basic blocking and tackling,” he said.
If this latest security breach shows anything, it’s that bad actors will only continue to try to find ways to exploit the platform.