Dorsey & Co Were Aware of Security Issues With Twitter Users Since 2015

Published at: July 28, 2020

An unnecessarily large number of Twitter employees allegedly have the ability to reset users’ accounts and modify their security settings. Jack Dorsey, the chief executive officer, and the company’s board were warned about this problem as far back as 2015.

According to Bloomberg, Twitter has over 1,500 workers with the ability to reset accounts and review user breaches. This led to speculation that the hack on July 15 could have been prevented if timelier action had been taken.

Security concerns addressed

The report clarified that such credentials gave limited access to most of the workers involved in the social network’s security department. It does note, however, that such access is “a starting point to snoop on or even hack an account.”

The “Risk Factors” section of Twitter’s 10-K annual report, filed in 2015 with the Securities and Exchange Commission, or SEC, confirms that Dorsey & Co. had long been warned of this potential attack vector:

“Our security measures may also be breached due to employee error, malfeasance, or otherwise. Additionally, outside parties may attempt to fraudulently induce employees, users or advertisers to disclose sensitive information in order to gain access to our data or our users’ or advertisers’ data or accounts, or may otherwise obtain access to such data or accounts.” 

Twitter contractors tested issues in 2017

Bloomberg mentions that at one point in 2017 and 2018, Twitter contractors created a “game” that consisted of flooding the help desk with bogus inquiries, allowing them to access celebrities’ accounts. They used this access to trace personal data and approximate locations based on the owners’ IP addresses.

Twitter’s 2020 10-K annual report, filed with the SEC, referred to access by “unauthorized parties”:

“Unauthorized parties may also gain access to Twitter handles and passwords without attacking Twitter directly and, instead, access people’s accounts by using credential information from other recent breaches, using malware on victim machines that are stealing passwords for all sites, or a combination of both.”

The recent Twitter attack posted a fake Bitcoin (BTC) giveaway via some of the most powerful verified accounts in the world. These included Joe Biden, Elon Musk, George Wallace, Bill Gates, Kanye West, Kim Kardashian, Wiz Khalifa, Warren Buffett, Mike Bloomberg, Barack Obama, and Jeff Bezos, among others.
