Bloomberg: Twitter's Board Aware of Security Issues Since 2015

LOS ANGELES—Twitter CEO and founder Jack Dorsey and the social media giant’s board of directors were warned “multiple times” going back to 2015 about lax security around the site’s 186 million user accounts, five years before the shocking hack of several high-profile accounts on July 15. A Bloomberg News report published Monday revealed the extent of the security lapses leading up to that hack.

In that hack, cyber-attackers accessed the accounts of Barack Obama, Joe Biden, Jeff Bezos and other high-profile users to post false messages asking for donations of $1,000 in Bitcoin cryptocurrency. The FBI is now reportedly heading the investigation into the hack.

But last week, Reuters reported that more than 1,000 people, including both Twitter employees and outside contractors, had access to internal tools that let them control user accounts. Monday’s Bloomberg report said that the number was approximately 1,500.

Security on user accounts was so lax that, according to the Bloomberg report, “contractors made a kind of game out of creating bogus help-desk inquiries that allowed them to peek into celebrity accounts, including Beyonce’s.”

The contractors were then able to see personal data on the celebrities, such as their physical location, based on the IP address from which a tweet was sent.

Bloomberg spoke to several Twitter security employees who said that despite warnings, the site’s upper management “has often dragged its heels on upgrades to information security controls while prioritizing consumer products and features.”

Worries about the excessive number of people who could easily access user accounts and data, and even post to those accounts posing as the users themselves (as happened in the July 15 hack), were brought to Twitter’s board of directors repeatedly from 2015 to 2019, but they were “deferred for other priorities,” according to the Bloomberg report.

In fact, Twitter executives did not consider spying on user accounts by unauthorized persons “a major security concern,” according to Bloomberg’s sources. As a result, incidents of spying and snooping, especially by outside contractors, became so commonplace that Twitter’s security staff could not keep up with all of the intrusions, the report stated.

According to a CNN report Monday, Twitter’s security issues may have been exacerbated by the company’s sudden transition to remote working for its employees as a result of the coronavirus pandemic, starting in March.

The same problem has been faced by companies across the country, which were forced to allow workers to access internal networks and software from their home computers as soon as the pandemic hit, according to CNN.

Twitter would not comment to CNN about its remote working policies, but former employees told the network that there was “no evidence” the company loosened its security protocols. The Bloomberg report indicates, however, that those protocols may have already been far too loose.

Photo By Mark Warner / Wikimedia Commons