Why a security meltdown at Twitter is now a 'nightmare' waiting to happen

With its workforce severely depleted, the biggest risks to the company's network are account takeovers and privacy breaches, experts say


Twitter’s mass departure of employees leaves the platform vulnerable to a wide variety of problems. It is just a matter of time until the social media platform succumbs to a major glitch, technology experts say.

Its workforce is now a fraction of the size it was when Elon Musk took over at the end of October. Mr Musk this week asked employees to sign on to a more “hardcore” version of their jobs or leave. A large number opted out.

Several teams that were critical to keeping the service up and running are completely gone, or borrowing engineers from other groups, sources say. That includes infrastructure teams that keep the main feed operational and maintain tweet databases.

#RIPTwitter trended on the site, as users and departed employees predicted an imminent shutdown and said their goodbyes.

“It’s a pretty dark picture,” said Glenn Hope, an engineer who worked at Facebook and Instagram. “The amount of tribal knowledge lost is simply staggering, possibly unprecedented.”

That does not mean that Twitter will shut down completely and unexpectedly. Remaining employees will probably be unable to fix issues in the code and the site will start to lose some functionality, or be vulnerable to a major hack, experts said.

In general, computer servers do not run on autopilot. A platform such as Twitter requires all sorts of software to keep it running — from the front-end website that people scroll through to the back-end databases that store billions of tweets — and can be stressed during major global events such as the Qatar World Cup.

The complexity of these systems means they may require constant tweaking, maintenance and institutional knowledge of the way things are set up. Small bugs become bigger problems if they are not fixed — and Twitter has a system with more than 1,000 micro-services, one former employee said.

Bugs must be patched or they can become a threat to users’ security and data.

It gets even more complicated if software was built under rushed or less-than-ideal circumstances, said Chester Wisniewski, principal research scientist at the cybersecurity company Sophos.

“It’s a nightmare scenario for almost any firm, especially a tech firm,” he said.

It is natural for network security at a platform such as Twitter to rot over time, as flaws in the company’s code base are found and nobody is left to fix them promptly, said Alec Muffett, a software engineer who has worked in host and network security for more than 30 years, including at Facebook.

The most plausible risks to Twitter’s network security now are account takeovers and privacy breaches, he said.


With far fewer engineers left at the company to troubleshoot operations issues, there is a risk that some critical systems at Twitter will crash.

“Like a table losing a leg, important parts of the site — or even the whole site — will fall over,” Mr Muffett said. Users may lose the ability to retweet or log in, for example.

If a site is unreliable, people may give up on using it. Advertisers might also lose confidence that the promotions they are paying for are going to show up in front of the right people, further threatening Twitter’s financial future.

There are other concerns beyond keeping the site available, Mr Hope said. With fewer employees, Twitter may have a harder time tackling thorny issues such as requests from foreign governments to take content down, the physical security of its data centres, or major events that lead to sharp increases in traffic and further tax its systems.

Then there is the issue of user harm. If there are not enough adults in the room to constrain the poor behaviour of some users, as Mr Muffett put it, it could lead to a surge in upsetting trending content and abuse, further alienating visitors and advertisers.

Much of the company’s trust and safety team declined to continue their employment at Twitter past Mr Musk’s deadline on Thursday, sources said.

About half of the company’s information operations and threat disruptions teams also resigned, a source said. That leaves four US-based employees to stamp out foreign disinformation campaigns on the platform.

Large sections of Twitter’s global audience no longer have content moderation, including the entire Asia-Pacific region, except for one contractor who was hired to help with spam in the South Korean market, the source said.


On Thursday evening, after hundreds of Twitter employees resigned, the website Downdetector.com, which gathers reports of websites not working, showed a sharp increase in service problems at Twitter. The issues continued into Friday, data on Downdetector’s website showed.

Meanwhile, Mr Musk posted on Thursday evening that the site “just hit another all-time high in Twitter usage lol”.

Matt Navarra, a social media consultant and media analyst, said that while more people have probably been on Twitter in recent days, it was not necessarily a sign of sustainable growth.

“The analogy people use is rubbernecking like with a car accident or a train wreck, and we’ve seen similar activity on platforms like Twitter when crises occurred,” he said.

He said there was no evidence for quality or sustainability of growth on the platform, no matter what Mr Musk had said.

For Mr Hope, Twitter’s path forward without catastrophe is looking “narrow, and growing more narrow by the day”.

“Twitter is the public square, for better or worse,” he said.

“There’s nothing like it, and I don’t think anyone wins by us losing it.”

Updated: November 19, 2022, 2:00 PM