Light Dark
April 26, 2023 By Jennifer Gregory 2 min read
News

Customers pay for additional features along with their purchases all the time. You can upgrade a car’s seats from fabric to leather, or pay for more analytics on a marketing automation platform. But the new upcharges for security features on social media accounts have experts concerned about the overall impact on cybersecurity.

Many increasingly wonder whether basic security should be accessible to all users, regardless of whether they pay for it.

Twitter and Meta announce paid features

As of March 20, 2023, only subscribers to Twitter Blue, which is an upgraded account that starts at $8 a month, can use two-factor authentication through text messages. In addition to the security features, Twitter Blue verifies the user’s identity and prioritizes their tweets.

Previously, all users could set their accounts to send a text code for new logins to prevent unauthorized access. Twitter’s blog explained that the decision was made because they have seen phone-number-based 2FA be used — and abused — by bad actors.

Meta also recently announced that its new subscription bundle, Meta Verified, offers impersonation protection for Facebook and Instagram users as part of its paid features. Meta Verified will cost $11.99 on the web and $14.99 on iOS and Android. Other features include a verified badge, increased visibility and human support.

Experts concerned about inaccessibility to security

Because many cyber crimes originate through social media, experts are concerned about the impact of this shift. While all accounts will have basic protection, only users who can afford to pay will have the higher-level protections. Additionally, other users who do not understand the benefits may not opt to subscribe to the premium accounts.

“The thing that strikes me is that security should be baked into everything we do, not a paid-for service,” Charles Henderson, global head of IBM’s X-Force threat management division, told the Washington Post. “It should be on by default.”

To make the issue even more concerning, Twitter Blue is only offered in the U.S., Canada, Australia, New Zealand, Japan, the U.K., Saudi Arabia, France, Germany, Italy, Portugal, Spain, India, Indonesia and Brazil.  This means users simply no longer have access to 2FA without having to use a separate app, which further compromises the cybersecurity of the social media platforms. While the platform plans to expand the premium account to other countries, there is no definitive timeline.

Less security, more risk

Based on these factors, experts predict that limiting security features to premium accounts will increase the overall cybersecurity risk. The effect of fewer users having full protection will affect the overall state of cybersecurity. As fewer social media users have access to additional security features, social media platforms will increasingly become more vulnerable. Because cyber criminals use social media to access other systems as well as personal information, decreased security may have a cumulative effect on cybersecurity overall.

However, the cybersecurity community can work to reduce the overall risk through continued user education. By providing information on other ways to improve security, experts can help users reduce their risk on social media platforms. That will be an important step towards improving global cybersecurity.

 |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

December 9, 2024

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally. The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets. Who is exploiting the NGFW zero-day? As of now, little is known about the…

December 2, 2024

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature