Twitter Has “Struggled For Years” To Control The Number Of Employees Who Have The Ability To Reset Accounts
Tyler Durden
Tue, 07/28/2020 – 17:35
Twitter, which suffered from a major hack about two weeks ago, has apparently “struggled for years” to police the number of people who have had access to the ability to reset user accounts and override security settings, according to Bloomberg.
In fact, Jack Dorsey and Twitter’s board were warned about the growing problem “multiple times since 2015”, according to four former Twitter security employees and “a half dozen” other people close to the company.
The report says that the company’s oversight of the 1,500 workers who have the ability to reset accounts, review user breaches and respond to content violations has been a source of “recurring concern” – and while the information these employees have access to is “limited”, it has been called “a starting point to snoop on or even hack an account”.
The problem is so well known that contractors reportedly made a game out of creating bogus help-desk inquiries in 2017 and 2018 so they could open up celebrity accounts – giving them access to personal data and IP addresses. In other words, Twitter is stalking its users…
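The abuse pattern described above (support staff filing their own help-desk inquiries to justify opening high-profile accounts) is something a defender can look for in the internal tool's audit trail. The following is an added illustration, not Twitter's tooling or data: it runs over a constructed audit log and ticket queue, and the record layout, field names and account labels are all assumptions.

```python
from collections import defaultdict

# Constructed sample data (not real Twitter records). Each internal-tool action is
# supposed to be backed by a help-desk ticket opened by the affected user.
TICKETS = {
    "T-100": {"opened_by": "user:alice", "subject": "acct:alice"},
    "T-101": {"opened_by": "agent:bob", "subject": "acct:celeb1"},   # agent filed it himself
    "T-102": {"opened_by": "user:celeb2", "subject": "acct:celeb2"},
}
HIGH_PROFILE = {"acct:celeb1", "acct:celeb2", "acct:celeb3"}   # assumed watch-list

AUDIT_LOG = [
    {"agent": "agent:carol", "action": "reset_password", "target": "acct:alice", "ticket": "T-100"},
    {"agent": "agent:bob",   "action": "view_account",   "target": "acct:celeb1", "ticket": "T-101"},
    {"agent": "agent:bob",   "action": "view_account",   "target": "acct:celeb3", "ticket": None},
    {"agent": "agent:dave",  "action": "reset_password", "target": "acct:celeb2", "ticket": "T-102"},
    {"agent": "agent:dave",  "action": "view_account",   "target": "acct:celeb3", "ticket": "T-999"},
]


def audit_findings(log, tickets, high_profile):
    """Return (log index, reason) pairs for actions whose ticket provenance is suspect."""
    findings = []
    for i, entry in enumerate(log):
        tid = entry["ticket"]
        if tid is None:
            # Touching a watch-listed account with no ticket at all is the loudest signal.
            if entry["target"] in high_profile:
                findings.append((i, "no_ticket"))
            continue
        ticket = tickets.get(tid)
        if ticket is None:
            findings.append((i, "unknown_ticket"))     # ticket id does not exist in the queue
            continue
        if ticket["opened_by"] == entry["agent"]:
            findings.append((i, "self_filed_ticket"))  # agent justified their own access
        if ticket["subject"] != entry["target"]:
            findings.append((i, "ticket_subject_mismatch"))  # ticket is about a different account
    return findings


def agents_over_breadth(log, high_profile, limit):
    """Agents who touched more than `limit` distinct watch-listed accounts."""
    seen = defaultdict(set)
    for entry in log:
        if entry["target"] in high_profile:
            seen[entry["agent"]].add(entry["target"])
    return sorted(agent for agent, accts in seen.items() if len(accts) > limit)
```

In practice the ticket requester check only helps if ticket creation is itself authenticated and logged separately from the support tool, so that an agent cannot forge the requester field.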
Twitter said its oversight of its employees and contractors was not an issue during the recent hack: “We have no indication that the partners we work with on customer service and account management played a part here.”
Recall, we reported about two weeks ago that Twitter had said 130 accounts were compromised during the hack. We also noted that the FBI had launched an official inquiry into the massive security breach, according to Reuters.
The FBI said two weeks ago: “We are aware of today’s security incident involving several Twitter accounts belonging to high profile individuals. The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud.”
Twitter had initially commented that there was “no evidence that attackers accessed the passwords of its users”.
The massive hack allegedly originated from a Twitter employee with access to the company’s user management panel. The hack affected hundreds of billionaires and politicians, including Barack Obama, Joe Biden, Bill Gates, Kanye West, Elon Musk, Wiz Khalifa, Apple, Uber, Jeff Bezos and Benjamin Netanyahu.
Tweets urged people to send money to a Bitcoin address; over $113,000 was sent.
For the full details on the hack, you can read our report on it here. In addition to the hack, a subplot emerged when we reported that sources “close to or inside” the underground hacking community leaked a screenshot of what is allegedly an internal software panel used by Twitter to interact with user accounts.
The tool was said to be used to help change ownership of popular accounts and, in the case of the hack, was said to play a role in usurping the high profile accounts involved. Screenshots of the supposed internal software are being aggressively pursued and deleted from Twitter by Twitter itself, with the company claiming that they violate the platform’s rules.
Of particular interest are the buttons labeled “SEARCH BLACKLIST” and “TRENDS BLACKLIST”.
We asked earlier this month: Could these be tools actively used by Twitter to censor what Tweets and topics appear during searches and on its trends page?