You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Short of a nation state level attack, there's no reason this should've taken more than 5 minutes to contain, TBQH.
Word is this was a compromised user admin panel (screenshots are floating around). If so, it should've taken 40 seconds to disable that thing entirely, then 15 minutes to dig through the audit logs (they have audit logs, right????) and undo the damage.
Worth mentioning that if these tools didn't exist, it's almost certainly because management didn't let security staff build them, or didn't care, or they're understaffed, not because of sec staff themselves. This is Twitter being incompetent as an organization, not individuals.
It would surprise the shit out of me if they have audit logs.
You know as well as me that not everybody is Google :P
Making all the verified users unable to post is actually the best solution they could've chosen, in my unverified opinion.
Nah, their solution has the one fault that they didn't stop blue checkmarks from posting forever
40s? I wouldn’t estimate anyone the ability to deploy that quickly, let alone do root cause analysis to figure out what the leak actually is in that span of time.
I would expect them to have a killswitch for internal admin tools in case of abuse.
Vice seem to be saying someone on the inside got paid.https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos …
Doesn't really change the fact they should've been able to lock them our quickly, though.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
