Skip to content
  • Insurance Journal
  • Insurance Journal TV
  • Academy of Insurance
  • MyNewMarkets.com
  • Carrier Management
Claims Journal - Insurance news and resources for claims adjusters

Featured Stories

  • Appellate Court Upholds Rule Allowing Longer Hours for...
  • Auto Claimants Waiting Longer for Collision Repairs
  • NJ Supreme: Statute Allows Construction Defect Claim;...
  • Insurers, Consumer Groups Telling Different Stories About...
  • Front Page
  • Most Popular
  • Jobs
  • Events
  • Research
  • Videos/Podcasts
  • Newsletters

Sources Say More Than 1,000 People at Twitter Had Ability to Aid Hack of Accounts

By Joseph Menn, Katie Paul and Raphael Satter | July 24, 2020
Email This Subscribe to Newsletter
Email to a friend Facebook Tweet LinkedIn Print Article
  • Article
  • 0 Comments

SAN FRANCISCO — More than a thousand Twitter employees and contractors as of earlier this year had access to internal tools that could change user account settings and hand control to others, two former employees said, making it hard to defend against the hacking that occurred last week.

Twitter Inc and the FBI are investigating the breach that allowed hackers to repeatedly tweet from verified accounts of the likes of Democratic presidential candidate Joe Biden, billionaire philanthropist Bill Gates, Tesla Chief Executive Elon Musk and former New York Mayor Mike Bloomberg.

Twitter said on Saturday that the perpetrators “manipulated a small number of employees and used their credentials” to log into tools and turn over access to 45 accounts. On Wednesday, it said that the hackers could have read direct messages to and from 36 accounts but did not identify the affected users.

The former employees familiar with Twitter security practices said that too many people could have done the same thing, more than 1,000 as of earlier in 2020, including some at contractors like Cognizant.

Twitter declined to comment on that figure and would not say whether the number declined before the hack or since. The company was looking for a new security head, working to better secure its systems and training employees on resisting tricks from outsiders, Twitter said. Cognizant did not respond to a request for comment.

“That sounds like there are too many people with access,” said Edward Amoroso, former chief security officer at AT&T. Responsibilities among the staff should have been split up, with access rights limited to those responsibilities and more than one person required to agree to make the most sensitive account changes. “In order to do cyber security right, you can’t forget the boring stuff.”

Threats from insiders, especially lower-paid outside support staff, are a constant worry for companies serving large numbers of users, cyber security experts said. They said that the greater the number of people who can change key settings, the stronger oversight must be.

Stumbles

The former employees said that Twitter had gotten better about logging the activity of its people in the wake of previous stumbles, including searches of records by an employee accused last November of spying for the government of Saudi Arabia.

But while logging helps with investigations, only alarms or constant reviews can turn logs into something that can prevent breaches.

Former Cisco Systems Chief Security Officer John Stewart said companies with broad access need to adopt a long series of mitigations and “ultimately ensuring that the most powerful authorized people are only doing what they are supposed to be doing.”

Who exactly pulled off the hacking spree isn’t clear, but outside researchers such as Allison Nixon of Unit 221B say the incident appears linked to a cluster ofcybercriminals who regularly traded in novelty handles – especially rare one-or-two character account names – that are treated a bit like the vanity license plates of the online world.

Although the public evidence tying the hacking to those was circumstantial, ultra-short Twitter handles were among the first to be hijacked.

In addition, the forums where those hackers were active have long been replete with boasts about having access to Twitter insiders, according to Nixon and Nick Bax, an analyst with StopSIMCrime, a group that lobbies for greater protection against “SIM swapping” – a phone number hijacking technique often used by these kinds of hackers.

Bax said he had seen reference on forums to “Twitter plugs” or “Twitter reps” – the terms used to describe cooperative Twitter employees – since as far back as 2017.

The potential involvement of low-level cybercriminals has particularly alarmed professionals because of the implication that a hostile government might be able to cause even greater havoc.

Access to accounts for national leaders was limited to a much smaller number of people after a rogue employee briefly deleted President Donald Trump’s account two years ago. That could explain why Biden’s account was hijacked but not Trump’s.

Twitter should expand the number of protected accounts, said former Twitter security engineer John Adams. Among other things, accounts with more than 10,000 followers should at least need two people to change key settings.

Security experts said they were worried that Twitter has too much work to do and too little time before the campaign for the Nov. 3 U.S. election intensifies, with potential inference domestically and from other countries.

Said Ron Gula, a cybersecurity investor who co-founded network security company Tenable, “The question really is: Does Twitter do enough to prevent account takeovers for our presidential candidates and news outlets when faced with sophisticated threats that leverage whole-of-nation approaches?”

On a call to discuss company earnings on Thursday, Twitter Chief Executive Jack Dorsey acknowledged past missteps.

“We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools,” Dorsey told investors.

Copyright 2022 Reuters. Click for restrictions.

Was this article valuable?

Thank you! Please tell us what we can do to improve this article.

Thank you! % of people found this article valuable. Please tell us what you liked about it.

Here are more articles you may enjoy.

Record Amount of Seaweed Is Choking Shores in the Caribbean
Cause Sought for Indiana House Explosion that Killed 3
Driver in LA Crash that Killed 5 Charged with Murder
ATM Theft Numbers Continue to Climb After Surpassing Historic Highs
newsletter

Want to stay up to date?

Get the latest insurance news
sent straight to your inbox.

Email This Subscribe to Newsletter
Email to a friend Facebook Tweet LinkedIn Print Article
  • Categories: National NewsTopics: account settings, breach, Cognizant, credentials, FBI, hacking, investigating, twitter
  • Have a news tip? Email us at newsdesk@claimsjournal.com

Add a CommentSee All Comments (0)Add a Comment Cancel reply

Your email address will not be published. Required fields are marked *

*

*

More News
Wildfires Spread, Fish Die Off amid Severe Drought in Europe
Teen’s Death is Latest Tragedy in Flood-Ravaged Kentucky
Cause Sought for Indiana House Explosion that Killed 3
N.J. Supreme Ct: New York Exclusion Relieves Insurer of Duty to Defend
More News Features

Read This Next

  • Sources Say More Than 1,000 People at Twitter Had Ability to Aid Hack of Accounts
  • School Dean who Shot Student Ordered to Pay $10 Million Judgment
  • ATM Theft Numbers Continue to Climb After Surpassing Historic Highs
  • Power Restored to Downtown Toronto After Outage Leaves Businesses in the Dark
  • Lawyer: Photos of Kobe Bryant's Remains Shared 'for a Laugh'

Claims News

  • Latest news
  • Most Popular News
  • News by Topic
  • Yesterday

Site Search

Features

  • Claims Jobs
  • Industry Events
  • Newswire
  • Blogs

Connect with us

  • Email Newsletters
  • For Your Website
  • RSS Feeds
  • Twitter
  • Facebook
  • LinkedIn
  • Do Not Sell My Info

Claims Journal

  • Submit News
  • Advertise
  • Subscribe
  • Contact Us
  • Link to Us

Wells Media Group Network

  • Insurance Journal
  • MyNewMarkets.com
  • Insurance Journal TV
  • Academy of Insurance
  • Carrier Management
© 2022 by Wells Media Group, Inc. Privacy Policy | Terms & Conditions | Site Map

We have updated our privacy policy to be more clear and meet the new requirements of the GDPR. By continuing to use our site, you accept our revised Privacy Policy.