Is Threads Unraveling Already?

Meta (formerly Facebook) dominated the news cycles recently with their official launch of Threads - a direct competitor to Twitter.

By all accounts, the launch shattered records.?Within hours, 10 million people had signed up.?In less than a week, the new social media site had over 100 million users.

Clearly, Threads had a lot of excitement going for it, and for good reason.?Threads has marketed itself as a clone of Twitter from the old days - before the chaos of Elon Musk's takeover.?In addition, it currently doesn't have pesky advertisements, it lets you port over your Instagram followers (if you have them), and new users could potentially grab that cool username handle they always wanted.?Finally, early adopters had unique opportunities to grow their audiences quickly before too much competition crowded the field.

And yet…

Since the initial excitement and rush to sign-up,?engagement on Threads has slowly declined, with a dramatic day over day decrease in the number of active users and active time spent on the application.

So, what happened?

Data sharing and privacy concerns.

Okay, to be honest, it is probably a multitude of factors, but as we are a security company, I am going to focus on just this one.

iOS users installing the mobile app were faced with a slightly daunting list of data that “may be collected and linked to your identity", including health & fitness, financial information, user content, browsing history, purchases, contacts, location, search history, and more.

Since its launch, numerous tech articles and security blog posts have been written about the privacy nightmare of Threads. In fact, the privacy controls are so bad that Threads can't release in Europe, and is even?blocking European users attempting to access via a VPN?(indicating that Threads knows your real location even while on a VPN).

I have?written before?about how customers are growing increasingly concerned about security and privacy controls. At first, I thought that Threads may be bucking that trend.?

As it turns out… it was just on a delayed timer.?

Security News

• Tech giant Microsoft?disclosed on Tuesday evening?that it discovered a group of Chinese hackers had broken into some of its customers' email systems to gather intelligence.
• The?White House released?the first version of the implementation plan for its National Cybersecurity Strategy, including more than 65?initiatives aimed at mitigating cyber risk and bolstering investment into cybersecurity.
• As 40% of consumers harbor skepticism regarding organizations' data protection capabilities, 75% would shift to alternate companies following a ransomware attack,?according to Object First.
• A?Russian hacking group?has upgraded its skills to simultaneously target several thousand Ukrainian government information systems.
• Belarus state-linked hackers?are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans.
• Cybercriminals may be using a generative AI tool called WormGPT to create convincing phishing emails to support business email compromise attacks. A new survey shows that 1 in 5 people fall for the fake, AI-generated emails,?according to cybersecurity researchers.
• Researchers are warning of an uptick in attacks using a series of?malicious Microsoft Office documents?designed to drop LokiBot, an information stealer capable of sweeping up credentials.
• Russia is mulling a ban?on iPhone use by government employees after a suspected American intelligence campaign exploited vulnerabilities in the device to spy on Russian staff. The ban is the latest in a slew of similar measures taken by Moscow against Western tech devices.
• Microsoft disclosed last week?an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.
• SonicWall warned customers?last week to urgently patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and Analytics network reporting engine software suites.
• All-In-One Security, a WordPress security plugin installed on more than 1 million websites,?has issued a security update?after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website admins.

Until next time,

The?Craft Compliance?Team