A month of crisis at Twitter has reignited concerns that the company’s part-time chief executive and years of accumulated “technical debt” have left it dangerously vulnerable to malicious attackers and lacking the leadership required to take rapid action or controversial decisions.
In mid-July, Twitter suffered an unprecedented security breach as hackers seized control of the accounts of major public figures and corporations, including Joe Biden, Barack Obama, Elon Musk, Bill Gates and Jeff Bezos.
The attackers, thought to have been initially motivated by seizing control of valuable usernames such as “@Joe”, mainly used their newfound access to promote a bitcoin scam that netted them a little under $200,000.
The outcome was widely seen as good fortune for Twitter; the worst-case scenario, observers noted, could have instead been somewhere on a spectrum from a mass leak of private direct messages to the instigation of a nuclear war. “Access gained through this administrator tool could have caused far greater damage and far wider damage than it did,” Dr Alexi Drew, a research associate at King’s College London, told Vice.
But within the month, it became clear that Twitter had been even luckier than it looked. The hackers had gained access to the company’s back end through an administrator tool intended to allow customer service to help users regain access to accounts to which they had forgotten the password.
In many companies, such as Uber and Facebook, that sort of tool is managed with strict access controls. Only those staff members who need to use the tool for their job can log into the dashboard, and everyone on the list has to go through a regular audit to ensure they still need the access and haven’t abused their rights.