
More than 1,000 Twitter employees reportedly have complete access to accounts

The high-profile cryptocurrency scam that took place last week has underlined the broader vulnerabilities in Twitter’s infrastructure as new details about it continue to unfold. Now, a new Reuters report reveals what may have brought the social network’s security crumbling down in the first place: More than 1,000 people at the company had the ability to control everyone’s accounts.

Reuters says these employees, who also include hires from third-party contractors such as Cognizant, have access to internal tools that potentially allow them to change sensitive user settings. More importantly, they can hand this access to anyone else by sharing their credentials, which, according to a few outlets, is what reportedly led to the hack last week.

In response, Twitter told Digital Trends that it’s “always working on increased security protocols, techniques, and mechanisms generally and for anyone with access to account support tools.”

A spokesperson for the social network added that each team member is only offered account access “with a valid business reason” and “when they need to work on the customer support issues they support.” The company claims that there’s no indication that any of its third-party partners that work on customer service and account management played a part in the hack.

Over the last week, Twitter has shared a series of startling findings from its ongoing investigation, which it is conducting alongside the FBI. In a tweet, it said the attackers targeted a total of 130 accounts, eight of which had their complete Twitter information compromised through the data export tool. However, Twitter claims none of them were verified accounts. Hackers also accessed the direct messages of 36 of these profiles, including one elected official from the Netherlands.

“We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can,” the company tweeted last week.

Employees at Twitter have always had a worrying level of access to accounts. Two years ago, a rogue employee deactivated President Donald Trump’s profile on the employee’s last day on the job. Since then, while the social network has ramped up protections for national leaders, it’s clear that the company still has a long way to go and needs to revamp how its internal tools function.
