Several Twitter employees reportedly have the option to reset user accounts and change their security settings. This is an issue that Jack Dorsey, the company's CEO and a member of its board of directors, was warned about in 2015.
According to Bloomberg, Twitter has more than 1,500 employees who can reset accounts and check user violations. This led to speculation that the July 15 attack could have been avoided if more timely action had been taken.
Security problems fixed
The report clarified that such credentials provide limited access to the majority of social security staff. However, it does point out that this is “a starting point to spy on or even hack an account”.
The “Risk Factors” section of Twitter’s 10-K annual report filed with the Securities and Exchange Commission (SEC) in 2015 confirms that Dorsey and co. have long been warned of this potential attack vector:
“Our security measures can also be violated due to employee errors, misappropriation or other violations. In addition, outside parties may fraudulently attempt to persuade employees, users or advertisers to disclose confidential information in order to gain access to our data or the accounts or data of our users or advertisers, or they may have access to such data or accounts.”
Twitter contractors tested problems in 2017
Bloomberg mentions that at one point in 2017 and 2018, Twitter contractors created a “game” that consisted of flooding the help desk with wrong queries that gave them access to celebrity accounts. They used this access to track personal data and approximate locations based on the owners’ IP addresses.
Twitter’s 2020 10-K annual report filed with the SEC addressed “unauthorized” access:
“Unauthorized persons can also access Twitter IDs and passwords without directly attacking Twitter, and instead access people’s accounts using credentials from other recent violations and activate malware or victim machines that steal passwords for all websites Combination of both.”
The recent attack on Twitter promoted a fake Bitcoin (BTC) giveaway through some of the world’s most powerful verified accounts. These included Joe Biden, Elon Musk, George Wallace, Bill Gates, Kanye West, Kim Kardashian, Wiz Khalifa, Warren Buffett, Mike Bloomberg, Barack Obama and Jeff Bezos.