Twitter has a new name, but rebranding to X could expose the social network’s users to a wave of security problems.
Twitter owner Elon Musk suddenly announced plans to drop the Twitter brand over the weekend, it what looks like another impetuous move by the social network’s owner.
Musk said the Twitter trademark will be discontinued. Musk’s logo was already changed to X. “And soon we shall bid adieu to the twitter brand and, gradually, all the birds,” Musk tweeted yesterday.
However, it seems Musk’s rush to drop the Twitter has created security problems that have alarmed experts.
Switching to X.Com
Among the many tweets (if they’re still called tweets, that is) that Musk has put out about the new brand is that Twitter has secured the x.com website domain.
However, the move to acquire to x.com appears to have only happened in the past few days, meaning many DNS servers—the key pieces of internet infrastructure that direct visitors to the correct website—are yet to catch up with the new ownership.
When I went to x.com in the morning, it was still showing that:
DNS changes can take 48 hours or more to fully propagate, suggesting Musk was so impatient to make the rebranding announcement that he couldn’t wait the two days or so it would take for the changes to flush through the system.
Furthermore, it doesn’t appear that the company has taken basic precautions, such as registering similar domains that can be easily mistyped by users. For example, xx.com is currently displaying a ‘for sale’ message. No one will be surprised to find out that xxx.com has pornographic content.
“Due to the soft launch and limited information online and even initial DNS problems, people searching for the new url could potentially come across copycat sites wanting to steal Twitter log in details,” said Jake Moore, global cybersecurity advisor at security firm ESET.
Phishing Attacks Risk
The risk that the bad guys will target you via email is another big concern when changing domains and names. This domain, xsafety.com, is also for sale. It could be acquired by thieves looking to launch phishing attacks, pretending to be from X’s safety team.
They could send a message along the lines of “We’ve noticed your account has been hacked, please click here to remedy the problem” with users being redirected to a malicious site that steals login credentials or installs harmful software on the victim’s computer.
The rushed Twitter rebrand makes “the perfect opportunity to send a phishing email requesting users to sign in via the new URL,” said Moore. “This could trick multiple users into handing over their credentials without their usual level of due diligence.”
Moore urges Twitter users to remain vigilant, especially in the coming days when the news about the brand’s launch spreads. “People need to remember to always err on the side of caution especially when presented with a log in request via an unsolicited email,” he said.
Twitter does not have a contact person for media inquiries. Contact email is a poop-emoji.