The extraordinary hacking spree that hit Twitter on Wednesday, leading it to briefly muzzle some of its most widely followed accounts, is drawing questions about the platform’s security and resilience in the run-up to the U.S. presidential election.
Twitter said late Wednesday hackers obtained control of employee credentials to hijack accounts including those of Democratic presidential candidate Joe Biden, former president Barack Obama, reality television star Kim Kardashian, and tech billionaire and Tesla founder Elon Musk.
Wednesday’s hack was the worst to date. Several users with two-factor authentication — a security procedure that helps prevent break-in attempts — said they were powerless to stop it.
“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” said Michael Borohovski, director of software engineering at security company Synopsys.
In 2010, Twitter reached a settlement with the U.S. Federal Trade Commission after it was found the company had lied about efforts to protect users’ information during an extended hack the year before.
Under the terms of the settlement, Twitter was barred for 20 years from misleading users about how it protects the security and confidentiality of private information.