Twitter Starts Scanning Direct Links To Improve Security
Twitter has been targeted by users with malicious intent ever since it started to become increasingly popular. One of the biggest problems up to yesterday was the direct messages that one Twitter user could send to another. Links posted in those direct messages were not scanned by Twitter before they were sent out, only afterwards.
This meant that it was extremely easy to attack Twitter users by sending them direct messages containing links that led to malicious websites or executed malicious code on the computer system.
Since links were not scanned by Twitter before the messages were sent out, messages containing links would land in the recipient's inbox, where users could interact with them.
Yesterday, Del Harvey, the Director of Twitter's Trust and Safety team, announced a major change to how direct messages are processed by Twitter.
"Today, we're launching a new service to protect users that strikes a major blow against phishing and other deceitful attacks. By routing all links submitted to Twitter through this new service, we can detect, intercept, and prevent the spread of bad links across all of Twitter. Even if a bad link is already sent out in an email notification and somebody clicks on it, we'll be able to keep that user safe."
The service adds a scan to all URLs that are posted in direct messages on Twitter before they reach the recipient. This protects users from attacks that use the service's direct messaging system to get users to click on malicious links.
Twitter can now "detect, intercept, and prevent the spread of bad links across all of Twitter" by "routing all links submitted to Twitter through this new service". The information on how the processed messages are handled is a little vague. Harvey only mentions that most Twitter users will not notice this new security measure at all, and that those who do will notice "links shortened to twt.tl in Direct Messages and email notifications".
Now this is good news. I only hope the reliability will be high enough to counterbalance the loss of awareness induced by this service.