Twitter said on Saturday that the perpetrators manipulated a small number of employees and used their credentials to log in to the back end, gaining access to 45 accounts. On Wednesday, the company said the hackers may have read the direct messages of 36 accounts, but it did not identify the affected users.
Former employees familiar with Twitter's security practices say too many people may have done the same thing. By the beginning of 2020, more than 1,000 people, including contractors such as Cognizant, had done similar things.
Twitter declined to comment on the number. Twitter said the company is looking for a new security director to better protect its systems and train employees on how to defend against outside trickery. Cognizant did not respond to a request for comment.
"It sounds like too many people have access," said Edward Amoroso, a former chief security officer at AT&T.
Cyber security experts say threats from internal employees, especially from low-paid outsourced workers, have always been a concern for companies that serve a large number of users. The more people who can change key settings, they say, the more stringent the oversight must be.
The former employees said Twitter was constantly improving measures such as keeping employee activity logs. While logs help with investigation, only alerts or continuous review can turn logs into something that can prevent damage.
John Stewart, a former chief security officer at Cisco, said companies with broad access needed to take a series of measures to ultimately ensure that authorized personnel only do what they should do.
A website analyst said that as early as 2017, he had seen terms such as "Twitter insert" or "Twitter representative" used to describe employees who can cooperate with Twitter.
On Thursday's earnings call, Twitter chief executive Jack Dorsey acknowledged past mistakes. "We're lagging behind in terms of protecting employees from social engineering attacks, or in limiting internal tools," he told investors. (Chen Chen)
Source: Qiao JunJing, editor in charge of NetEase Science and Technology Report