19.04.2024

130 Accounts Targeted by Hackers

Following the recent hack that saw high-profile accounts tweet about a bitcoin giveaway scam, many have raised the question of how many people have access to Twitter’s “God mode”, as some call it.

Reuters reported Friday that the number of people with this access level earlier this year was more than 1,000, citing two former Twitter employees familiar with the company’s security practices.

More than 1,000 Twitter employees and contractors reportedly had access to Twitter’s “God mode” earlier this year, before the recent large-scale hack that saw many high-profile accounts tweet about a bitcoin giveaway. Twitter has confirmed that 130 accounts were targeted, and hackers accessed the private messages of 36 accounts.

Over 1,000 People With ‘God Mode’ Access to Twitter

The publication wrote:

More than a thousand Twitter employees and contractors as of earlier this year had access to internal tools that could change user account settings and hand control to others … including some at contractors like Cognizant.

Twitter declined to comment on the figure while Cognizant did not respond to Reuters’ request for comment. The Federal Bureau of Investigation (FBI) is investigating the Twitter breach.

The hackers “manipulated a small number of employees and used their credentials” to access internal tools, Twitter explained on Wednesday. Overall, the hackers targeted a total of 130 accounts, sent tweets from 45 accounts, and downloaded information using the “Your Twitter Data” tool for eight accounts. The company also revealed:

The hackers accessed 36 direct message inboxes, including one for an elected official in the Netherlands.

Besides the politician in the Netherlands, Twitter said it did not believe that the hackers looked at direct messages for any other elected official.

The former employees further explained to Reuters that Twitter had gotten better about logging the activity of its employees after previous mishaps, including searches of records by an employee accused of spying for the Saudi Arabian government. After a rogue employee deleted President Donald Trump’s account two years ago, the company limited access to national leaders’ accounts to a much smaller number of people. “That could explain why Biden’s account was hijacked but not Trump’s”, the news outlet wrote.

Former Twitter security engineer John Adams said Twitter should expand the number of protected accounts, for example by requiring at least two people to change key settings of accounts with more than 10,000 followers.

During an earnings call with investors on Thursday, Twitter CEO Jack Dorsey acknowledged the problems, admitting:

We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools.

Meanwhile, lawmakers have called on Dorsey to testify at the upcoming antitrust hearing where CEOs of Amazon, Apple, Facebook, and Google are also expected to appear.
