Twitter staff can tweet from any account in ‘GodMode’ because loopholes weren’t closed after Bitcoin scam hack, former engineer reportedly says
Twitter staff can tweet from any account, according to an FTC complaint seen by The Washington Post.
The ex-Twitter engineer behind the complaint said it was called “GodMode,” and the company didn’t close it after a hack.
In 2020, hackers tweeted a Bitcoin scam from several high-profile accounts after accessing internal systems.
Twitter staff can tweet from any account using a program formerly known as “GodMode,” according to a former employee who spoke to congressional staff and The Washington Post.
A complaint filed with the Federal Trade Commission by Whistleblower Aid last October prompted the federal agency to interview former Twitter employees, and a congressional staffer shared the complaint with the newspaper.
It follows a breach of Twitter security in July 2020, when teenage hackers got into the company’s internal systems and tweeted from 45 high-profile accounts. The intruders shared links to a Bitcoin wallet, promising to double users’ money, and as much as $120,000 was transferred before Twitter removed the scam tweets. The first tweet was sent from Elon Musk’s account, while Apple, Barack Obama, and Jeff Bezos were also compromised.
Three people were arrested around two weeks later, with charges including wire fraud and identity theft. At the time, Twitter said the problem had been solved, but the whistleblower disputes this. Per The Post, the complaint says: “The existence of GodMode is one more example that Twitter’s public statements to users and investors were false and/or misleading.”
The ex-Twitter engineer told The Post that the program’s name was changed to “privileged mode,” and its original purpose was to let Twitter staff tweet on behalf of advertisers.
While executives said access to the powerful tool had been cut after the 2020 hack, any engineer only needs to change a line of code from “false” to “true,” according to the complaint seen by The Post.
“They put in writing to the public and regulators that they had closed all the loopholes. That’s a lie,” the whistleblower told The Post.
This latest report follows last July’s complaint from Twitter’s former head of security, Peiter Zatko, who was also represented by Whistleblower Aid. He joined the company shortly after the 2020 hack, and said he uncovered “extreme, egregious deficiencies by Twitter in every area of his mandate.”
Twitter did not immediately respond to Insider’s request for comment.
Read the original article on Business Insider