Twitter’s Security Woes Included Broad Access To User Accounts

Twitter has struggled for years to police the growing number of employees and contractors who have the ability to reset users’ accounts and override their security settings, a problem that Chief Executive Officer Jack Dorsey and the board were warned about multiple times since 2015, Bloomberg reported Monday, citing former employees with knowledge of the company’s security operations. From the report: Twitter’s oversight over the 1,500 workers who reset accounts, review user breaches and respond to potential content violations for the service’s 186 million daily users has been a source of recurring concern, the employees said. The breadth of personal data most of those workers could access is relatively limited — including such things as Internet Protocol addresses, email addresses and phone numbers — but it’s a starting point to snoop on or even hack an account, they said.

The controls were so porous that at one point in 2017 and 2018 some contractors made a kind of game out of creating bogus help-desk inquiries that allowed them to peek into celebrity accounts, including Beyonce’s, to track the stars’ personal data including their approximate locations gleaned from their devices’ IP addresses, two of the former employees said. Concerns about Twitter’s ability to protect user data deepened this month after hackers hijacked the accounts of some of its most famous users, including political leaders, business titans and celebrities, as part of an apparent cryptocurrency scam. The pressure on Twitter to protect its users isn’t limited to the personal data it collects on them — which is minimal compared to some other social media sites — but extends to the influence its users wield, especially world leaders or the political dissidents who oppose them.