
Helping you understand security and privacy - Issue #1


Impact Assessment

August 19 · Issue #1
Security & privacy issues are often overcomplicated, let's simplify them.

Twitter was hacked over a month ago in the most visible social media hack to date. This raises the question, what’s changed since this came to light? That’s the question I explore in the latest episode of Impact Assessment.

One Month After The Twitter Hack, What Have We Learned? A Cybersecurity Expert Weighs In
More details are available on the episode page at
Additional Thoughts
Since that episode went live, I’ve had some interesting discussions with people and wanted to provide some additional perspective on the issue (after all, that’s what this newsletter is about!).
Twitter is nominally a public social network. About 13% of Twitter users have private accounts. Why is that important? Because risk is made up of two factors:
  1. The impact of the event
  2. The likelihood of the event occurring
For the Twitter breach, the impact appeared significant (top accounts under malicious control) but really wasn’t that critical. The hack was highly visible and the reputation of the individual accounts wasn’t affected. Then it came to light that the attackers also got the DMs of these accounts. That was an unexpected consequence, and it increases the impact.
But the likelihood would’ve been rated as low. “There’s no way that an attacker will get control of our support tool”
…of course (it is 2020 after all) that’s exactly what happened.
This highlights a couple of key points:
  • Humans are bad at assessing risk. A whole bunch of cognitive biases & logical fallacies come into play that basically end up with everyone thinking they are an above-average driver
  • Support tools exist for every major service and are a major risk for users of that service…a risk you can’t do much about and are often unaware of
Do you think that Twitter should’ve seen this coming? What should they do different to prevent this from happening again?
More to the point, does this change how you view your use of online services?
Reply to the email or hit me up on social (I’m @marknca on Twitter) and let me know.
@marknca, Box #9104, K2T 0A3, Canada