X Under Siege: Data Leaks, Bots, and Security Failures

Features a conversation with Alberto Daniel Hill and his friends, where Alberto asserts that Twitter (now known as X) is "completely compromised".

The core of Alberto's concern stems from an alleged GitHub hack that specifically targeted the Twitter repository, impacting entries for the Chirp contest. He explains that an AI system called Co-pilot, owned by Microsoft and Open AI, was trained on open-source data and is somehow involved. This situation led to the leak of API keys from over 3,200 apps. While API keys are generally meant to allow applications to interact with Twitter's content, Alberto suggests that this leak could enable malicious actors to hijack accounts, even those with two-factor authentication. Such a compromise could allow them to create or take over verified accounts belonging to major news stations or public figures, subsequently promoting fake news, manipulating markets, or running cryptocurrency scams.

This alleged vulnerability is particularly alarming due to Twitter's significant role as a news source. Alberto highlights that 90% of people trust Twitter most for news, especially breaking news. This trust makes the platform a powerful tool for manipulation, as forcing specific news into users' feeds could effectively change who people vote for in elections. He calls this "major" and capable of "literally changing the news in countries".

The security concerns on X extend beyond just leaked API keys. Forbes reports that 200 million X user records were released by a "data enthusiast" named ThinkingOne, building upon a January 2022 vulnerability that allowed access to user data via email or phone number. ThinkingOne claims that 2.8 billion records were exfiltrated, potentially making it the "largest social media breach ever". This extensive dataset includes sensitive profile metadata such as:

• X screen names and user IDs
• Full names and locations

The platform is also grappling with a significant bot problem. Estimates vary widely, with some posts from early 2025 suggesting that 60% to 85% of accounts could be bots, while others peg it around 15% or 64%. These bots, particularly the malicious ones, are implicated in:

• Spreading fake news and misinformation
• Manipulating public opinion and political propaganda
• Engaging in scams and spamming
• Causing ad sales volatility and diminishing advertisers' return on investment

Twitter, under Elon Musk's leadership, has undergone numerous changes, with rules and policies shifting frequently. While Twitter has implemented measures like detecting and suspending malicious bot accounts and introducing bot labels for transparency, a former security chief, Peiter Zatko, alleged "extreme, egregious" cybersecurity vulnerabilities, claiming that nearly half of Twitter's employees had access to critical software, making it highly susceptible to hacks. He also alleged that Twitter misled the public about the number of fake accounts and bots on its platform. The Political Studies Association asserts that despite Twitter's efforts, these measures are "not enough" because sophisticated bots can bypass safeguards, and even simple bots can survive for thousands of tweets. Furthermore, the sheer volume of automated content makes it nearly impossible for humans to correct all false information, and corrections may not be seen due to the platform's structure.

The constant issues, including data breaches, bot proliferation, and the potential for information warfare, contribute to a sense of frustration and skepticism among users and even insiders, as conveyed by Alberto. Despite Twitter's claims of taking privacy seriously and implementing new policies, critics argue that the actual fixes are either too slow or indicative of a deeper issue, possibly even incompetence or a desire for manipulation. This situation leaves the platform's integrity and its role as a reliable source of information in question.

ALBERTO DANIEL HILL

https://x.com/ADanielHill

https://linktr.ee/adanielhill