The COVID-19 pandemic era will be remembered as a uniquely disruptive period that altered the lives of billions of citizens globally, resulting in new-normal for the way people live and work. With the coronavirus pandemic, businesses, governments, and educational institutes adapted to the "work or study from home" operating model that has not only transformed our online lives but has also exponentially increased the use of cyberspace. Concurrently, there has been a huge spike in the usage of social media platforms such as Facebook and Twitter during the COVID-19 lockdown periods.These lockdown periods have resulted in a set of new cybercrimes, thereby allowing attackers to victimise users of social media platforms in times of fear, uncertainty, and doubt. The threats range from running phishing campaigns and malicious domains to extracting private information about victims for malicious purposes. To this end, it is vital to analyse the impact of drastic transformations that were taken during lockdown periods on the security and privacy of users.This research paper performs a large-scale study to investigate the impact of lockdown periods during COVID-19 pandemic on the security and privacy of social media users. We analyse 10.6 Million COVID-related tweets from 533 days of data crawling and investigate users' security and privacy behaviour in three different periods (i.e., before, during, and after lockdown). Our study shows that users unintentionally share more personal identifiable information when writing about the pandemic situation (e.g., sharing building name, nearby coronavirus testing location) in their tweets. The privacy risk reaches to 100% if a user posts three or more sensitive tweets about the pandemic. We investigate the number of suspicious domains shared in social media during different phases of the pandemic. Our analysis reveals an increase in the number of suspicious domains during the lockdown compared to other lockdown phases. We observe that IT, Search Engines, and Businesses are the top three categories that contain suspicious domains. Our analysis reveals that adversaries' strategies to instigate malicious activities change with the country's pandemic situation.