You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
And apparently Twitter is retaliating against users tweeting screenshots of the internal tool (even censored of private info), which speaks volumes as to their priorities during this kind of massive security incident.
Remember this is apparently a *support tool*. The issue of insider access from *engineers* is a tricky one, because ultimately engineers need to be able to engineer the system. It's possible, but tricky, to build sufficient controls around engineering procedures.
But support tools? There should be high-level overrides for all of that stuff, and auditing up the wazoo, at the very least a kill switch that is always accessible to on-call engineers/security team. It should've taken minutes to identify and lock out the attack.
There is absolutely no reason why anything someone working for Twitter support does shouldn't be immediately identifiable, controllable, and reversible by someone at a higher level, on-call, as soon as it happens. We have access hierarchies for a reason.
It is not clear that this was a support account that was accessed rather than an engineering account. Engineers often have access to support tools, especially if they are responsible for them.
Possible, but it's getting far-fetched. Whoever did this was clearly an idiot and didn't think through the consequences of their actions. Engineers are less likely to attempt something this dumb, IME.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
