Customers pay for additional features along with their purchases all the time. You can upgrade a car’s seats from fabric to leather, or pay for more analytics on a marketing automation platform. But the new upcharges for security features on social media accounts have experts concerned about the overall impact on cybersecurity.

Many increasingly wonder whether basic security should be accessible to all users, regardless of whether they pay for it.

Twitter and Meta Announce Paid Features

As of March 20, 2023, only subscribers to Twitter Blue, which is an upgraded account that starts at $8 a month, can use two-factor authentication through text messages. In addition to the security features, Twitter Blue verifies the user’s identity and prioritizes their tweets.

Previously, all users could set their accounts to send a text code for new logins to prevent unauthorized access. Twitter’s blog explained that the decision was made because they have seen phone-number-based 2FA be used — and abused — by bad actors.

Meta also recently announced that its new subscription bundle, Meta Verified, offers impersonation protection for Facebook and Instagram users as part of its paid features. Meta Verified will cost $11.99 on the web and $14.99 on iOS and Android. Other features include a verified badge, increased visibility and human support.

Experts Concerned About Inaccessibility to Security

Because many cyber crimes originate through social media, experts are concerned about the impact of this shift. While all accounts will have basic protection, only users who can afford to pay will have the higher-level protections. Additionally, other users who do not understand the benefits may not opt to subscribe to the premium accounts.

“The thing that strikes me is that security should be baked into everything we do, not a paid-for service,” Charles Henderson, global head of IBM’s X-Force threat management division, told the Washington Post. “It should be on by default.”

To make the issue even more concerning, Twitter Blue is only offered in the U.S., Canada, Australia, New Zealand, Japan, the U.K., Saudi Arabia, France, Germany, Italy, Portugal, Spain, India, Indonesia and Brazil.  This means users simply no longer have access to 2FA without having to use a separate app, which further compromises the cybersecurity of the social media platforms. While the platform plans to expand the premium account to other countries, there is no definitive timeline.

Less Security, More Risk

Based on these factors, experts predict that limiting security features to premium accounts will increase the overall cybersecurity risk. The effect of fewer users having full protection will affect the overall state of cybersecurity. As fewer social media users have access to additional security features, social media platforms will increasingly become more vulnerable. Because cyber criminals use social media to access other systems as well as personal information, decreased security may have a cumulative effect on cybersecurity overall.

However, the cybersecurity community can work to reduce the overall risk through continued user education. By providing information on other ways to improve security, experts can help users reduce their risk on social media platforms. That will be an important step towards improving global cybersecurity.

More from News

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read

Google’s Bug Bounty Hits $12 Million: What About the Risks?

4 min read - Bug bounty numbers have never been better. In 2022, Google rewarded the efforts of over 700 researchers from 68 different countries who helped improve the security of the company’s products and services. The total amount of awards grew from $8.7 million paid in 2021 to $12 million in 2022, a nearly 38% increase. Over the past few years, bug bounty programs have gained significant traction. Companies have been lured in by the potential to identify vulnerabilities quickly, enhance product security…

4 min read

Swiss Army Knife Malware Slices Through Systems In so Many Ways

4 min read - What if one single malware strain could cut through any security that tried to stop it? In a new study of more than 550,000 live malware strains, the Picus Red Report 2023 has unveiled a trove of over 5 million malicious activities. In the report, researchers identified the top tactics utilized by cyber criminals in 2022. Picus' findings also highlighted the growing prevalence of "Swiss Army knife malware". This type of malicious software is capable of executing a range of…

4 min read

Will Threat Actors Face Layoffs in 2023?

2 min read - You can’t look at the news these days without reading about layoffs in the technology sector. Roger Lee, founder of told that more than 120,000 tech employees lost their jobs in 2023 as of Feb 27, compared to 161,411 in all of 2022. However, all layoffs aren’t bad news. Most people don’t think of criminals losing their jobs. But if the criminal activity isn’t making money, then it makes no sense to continue. And that is happening in…

2 min read