Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management

As Twitter Downplays Outage, Security Concerns Persist

After Downtime, Musk Boasts of 'Significant Backend Server Architecture Changes'
As Twitter Downplays Outage, Security Concerns Persist
Photo: Kevin Krejci via Flickr/CC

Outage, what outage?

See Also: Ransomware Response Essential: Fixing Initial Access Vector

That was the message being promulgated by social network Twitter as its site remained unreachable for several hours Wednesday night.

It's the first major outage to be suffered by Twitter since Elon Musk bought the company for $44 billion in late October and began serving as its CEO. The uptime problems come amid ongoing concerns about the long-term security of Twitter's systems - and user data privacy - following last month's mass layoffs at the company, which included an exodus of cybersecurity staff.

Downdetector, a website that aggregates user reports of being unable to access a site or service, reported a spike in downtime beginning Wednesday evening.

"It basically forced me to log out and now i can't log in again. been trying every now and then for the past 30mins," a Downdetector user reported shortly thereafter.

Twitter's API status page has continued to report all systems operational, claiming there has been no disruption.

"That Twitter outage … looks like they DDoS'd themselves accidentally, they changed something in the login page which caused login requests to be constantly resubmitted by clients," said British security expert Kevin Beaumont in a Mastodon post.

Musk initially played down any suggestion of the service being disrupted.

Several hours later, however, Musk tweeted: "Significant backend server architecture changes rolled out. Twitter should feel faster."

Of course, website outages happen all the time. But Twitter is under extra scrutiny since Musk took control of the site and instituted mass layoffs.

In early November, internal company documents suggested Musk had fired 50% of Twitter's 7,500 full-time employees. A separate report by Platformer suggested that 4,400 out of 5,500 contractors had been eliminated. Many other key employees also exited, including Twitter's CISO.

Changing of the Guard

Musk says he plans to soon follow. On Dec. 20, he claimed he would step down from overseeing the social network - while continuing to own it - once a replacement was lined up.

During his tenure as Twitter CEO, Musk has continued to serve as the head of Tesla, SpaceX and other firms. But his social network leadership sojourn and the tone of his tweets seem to be taking a toll.

The value of Tesla's stock has plummeted by 70% over the course of the year, dropping from $400 per share in January to $113 at the close of trading Wednesday.

Seeking to bolster morale, Musk emailed Tesla staff to advise they not be "bothered by stock market craziness," Sky News reported.

Security Question

As Musk looks set to pass the Twitter leadership torch, one question remains: To what extent has Twitter addressed security concerns raised by Peiter Zatko, Twitter's cybersecurity chief until he was fired in January? Zatko - aka Mudge - filed a whistleblower complaint against Twitter, accusing previous CEO Parag Agrawal of prioritizing profits over user safety (see: Ex-Twitter Security Honcho Peiter Zatko Faces Senate Panel).

Twitter earlier this year agreed to a U.S. Federal Trade Commission consent order that requires it to maintain a robust privacy and information security program for the next two decades. The FTC is taking a closer look at Twitter's security and privacy controls following the mass layoffs, Bloomberg reported.

On Friday, a criminal data breach forum seller began listing scraped emails and phone numbers for 400 million Twitter users. The forum user, who uses the handle "Ryushi," said the records had been amassed by using "a vulnerability" to scrape Twitter's site (see: Hacker Claims to Have Scraped 400M Twitter User Records).


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.