Former Twitter employees say hundreds had access to deeply sensitive internal systems

1K: The number of workers that reportedly had access to deep security protocol.

The hacking spree that recently took place on Twitter stunned pretty much everyone who uses the platform. Officially, the company attempted to defend itself against criticism of its security protocol, saying that a "small number" of employees were manipulated and compromised as part of the hacking incident. In an exclusive report by Reuters, however, two former Twitter employees, speaking anonymously, revealed that at least 1,000 Twitter employees and contractors had access to internal security systems.

These tools wield considerable power and access, including the ability to change a user's account settings without their explicit permission and even transfer this information to other individuals. It's no trivial matter. The stunning breach caused significant material damage as well, as reports indicate attackers ultimately bagged around $120,000 in bitcoin.

Not exactly impenetrable — As of 2020, according to these former Twitter employees, at least 1,000 workers and contractors (including those at Cognizant) had access to security tools, which is a major red flag according to cybersecurity analysts.

For a security system to be impenetrable, experts say that responsibilities should be spread across the staff, while access to the most sensitive subject matter should be strictly limited to a few. Analysts also encourage frequent reviews and alarm checks to reduce the likelihood of exposed user credentials, locked accounts, access to direct messages, and more.

What Twitter officially said — Soon after the security breach took place, Twitter announced through a company blog post that hackers targeted its employees by way of a curiously phrased "social engineering scheme." Twitter explained this as a method of "intentionally manipulating" individuals into carrying out actions and revealing classified information from within the company. It went on to say that a "small number of employees" were manipulated through this social engineering project and that the company's internal two-factor authentication became a primary target.

Of note, Twitter claimed that the hackers had access to its "internal support teams," which ultimately led the attackers into 45 Twitter accounts. Among those hacked were Joe Biden, Elon Musk, Bill Gates, Mike Bloomberg, and others.

Hurry up — Breaches happen. Hackers get in. But Twitter is not a small network and the timing of this attack is particularly troublesome. With the November presidential election around the corner, Twitter simply cannot afford to become a victim of sophisticated attacks like this one. Already there are theories about who possibly did it, but what's clear is that Jack Dorsey's security philosophy needs an immediate and solid makeover.