On July 15, twitter suffered a large-scale hacker attack, and some of the most concerned authentication accounts on the platform were controlled by hackers to publish tweets of bitcoin fraud. But a recent report showed that, years before the attack, twitter contractors had apparently been able to use the company’s internal tools to monitor celebrities, including Beyonce. According to reports, the tools involved mainly allow twitter employees to perform things such as resetting accounts or handling illegal content, but these tools can obviously also be used to monitor or attack an account.
reported: “there are so many loopholes in these controls that at some time in 2017 and 2018, some contract workers even used fake technical support service queries to peep into celebrity accounts, including Beyonce’s account. They track stars’ personal data, such as the approximate location found from their device’s IP address.” The report also said that on twitter, eavesdropping on user accounts is particularly rampant, making it “difficult for Twitter’s full-time security team in the United States to track attacks.”.
some of the contract workers are employed by professional service provider cognisant. Cogniant is still working with Twitter. More than 1500 full-time employees and contract workers have access to change user accounts, a twitter spokesman said. “There is no indication that the customer service and account management partners we work with are involved in” the attacks that occurred this month, “he said.
Twitter has publicly claimed that some of the company’s tools were used in the July 15 hacking incident, saying it was part of a” coordinated social engineering attack, “an attack on employees with access to internal tools. Hackers called at least one twitter employee to try to “get security information that allows them to access Twitter’s internal user support tools.”. But how hackers successfully access Twitter’s internal tools remains a mystery. It was previously reported that someone involved in the attack caught a glimpse of the credentials of access tools on Twitter’s internal slack channel and was able to access the tools. Another rule of thumb is that some say they’ve bought out twitter employees.
in addition, the report also pointed out that from 2015 to 2019, almost every year, someone raised the security issue of Twitter account to the company’s board of directors. But these issues are not always seen as an urgent threat to Twitter’s security or the privacy of the company’s users.