LOS ANGELES—The social media company Twitter took a casual approach to security, allowing access to its most sensitive internal tools to more than 1,000 people, including outside contractors, according to a report by the news agency Reuters on Thursday. Those tools would allow those with access to alter user account settings, or even give control of those accounts to other people, according to the report.
Twitter did not confirm the 1,000 number to Reuters, nor would the company say whether the number of people with access to the internal tools had been scaled back, or increased, in recent weeks.
The report of the lax security measures at Twitter, on the heels of the stunning hack, comes just as Twitter CEO Jack Dorsey revealed, according to a CNN report Thursday, that the company may start charging fees to use its social media platform.
“You will likely see some tests this year,” Dorsey told Twitter shareholders on an investors’ conference call, according to CNN. But Dorsey did not specify exactly how a Twitter payment system would work, saying only that the company would set “a really high bar for when we would ask consumers to pay for aspects of Twitter.”
As reported last week, early indicators show that the July 15 hack may have been an “inside job,” involving at least one person who already had access to the tools.
The hackers seized control of several high-profile accounts, including those registered to Joe Biden, Barack Obama, Elon Musk, and Jeff Bezos. The hackers used those accounts to post messages — appearing to be posted by the account-holders — asking users to send money in the form of Bitcoin cryptocurrency. Reportedly, enough users took the bait for the hackers to collect about $120,000 in Bitcoin.
Twitter provided an update on its own investigation into the hacking attack, admitting Thursday that the hackers downloaded private, direct messages from 36 accounts, including one operated by “an elected official in the Netherlands.”
Though Twitter did not name the Dutch elected official, the BBC reported that the hacked account belonged to Geert Wilders, a member of parliament and leader of the Netherlands’ far-right-wing Party for Freedom — which is the second-largest party in the Dutch House of Representatives.
"I was informed by Twitter last night... that my Twitter account was not only hacked for some days and the hacker also posted tweets on my account and sent DMs in my name, but indeed also got full access to my DMs, which of course is totally unacceptable in many ways," Wilders told the BBC.
Wilders and his party are known for campaigning to ban Muslims from the Netherlands, and to close down mosques in the country. Hackers replaced the background image on Wilders’ account page with an image of the Moroccan flag, and substituted a cartoon image of a black man for the politician’s profile picture.
Twitter said that it had no “indications” that any other elected officials were victims of the direct-message intrusion.
Of the total 130 accounts accessed by the hackers, the cyber-intruders “were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.”
Twitter also said that the hackers could not access previous user passwords, which are not stored in plain text and are not accessible through the internal tools. But the company’s investigators are still probing whether hackers could access any other information about the targeted users.
Photo By Matthew Keys / Wikimedia Commons