Report: Twitter’s Security Problems Were Self-Inflicted
- Paul Thurrott
- Jul 27, 2020
-
4
A Bloomberg report claims that employees warned Twitter about security issues at the service for at least five years to no avail. And when the service was recently hacked, those employees were not surprised.
The report cites four former Twitter employees and several contractors.
Windows Intelligence In Your Inbox
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
According to the report, there are over 1,500 people who reset Twitter accounts, review security breaches, and respond to content violations, and only some of them actually work for the social networking service. Worse, there are multiple reported instances in which contractors accessed the personal data of celebrities and other Twitter users, including their email addresses and phone numbers.
Employees began warning Twitter CEO Jack Dorsey about these breaches as long ago as 2015, and continued right up until earlier this month when dozens of high-profile Twitter accounts were hijacked a as part of a Bitcoin-based scheme. And it was Twitter’s lax control over the people who can access sensitive user data that led to the success of the attack.
Twitter denies the charges.
“We have no indication that the partners we work with on customer service and account management played a part [in the attack],” a Twitter statement claims. That said, Mr. Dorsey told investors that Twitter could have done more. “We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools,” he admitted.