The Cybersecurity Takeaway from Twitter’s Verification Chaos


Twitter has been verifiably bonkers since electric car and rocket mogul Elon Musk took over and reworked the social network’s long-standing verification system. This provides a valuable lesson about the link between verification (or authentication) and the trade-off between security and usability.


It all started in early October when Musk closed the Twitter deal and claimed that the purchase would accelerate the creation of an “everything app” called “X”. Based on Musk’s history and statements, it appears that “X” would be a Weibo-like super app combining banking, transactions, ticket and hotel booking, calls and other apps and, of course, social networking and messaging. 


The Twitter Blue Experiment


Musk promised to replace Twitter’s “lords & peasants” verification system with a “power to the people” system that would give Twitter Blue subscribers a blue verified badge for $7.99 per month. This Twitter Blue subscription would also prioritize subscribers in replies, mentions and searches. In other words, Twitter would de-prioritize non-subscribers, equivalent to an email spam filter. 


While the press called the scheme “paid verification”, it was nothing of the sort. Identities would not be verified. 


Then Twitter rolled out the verification badge for unverified Twitter Blue subscribers, and chaos immediately ensued. Fake accounts with paid-for verification badges emerged for politicians, sports figures and others. They also popped up for brands like PepsiCo, Nintendo and, most publicly, the pharmaceutical company Eli Lilly. 


The newly “verified” Eli Lilly fake account tweeted that insulin would be made free. A temporary dip in the company’s stock price was attributed by some to the tweet. Other major brands, companies and people ..
