US Senator wants answers from Dorsey on Twitter breach that appears to be inside job

On the day of what appears to be the largest breach in Twitter’s history, US Senator Josh Hawley pens an open letter to Twitter CEO Jack Dorsey asking him to explain what happened as fingers point to Twitter employees involved in the scam.

Yesterday, high profile accounts on Twitter were compromised and taken over in an apparent bitcoin-related scam, although the full scale of the attack has yet to be publicly assessed.

The Twitter accounts affected by the breach included those of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, and others.

On Wednesday Senator Hawley called on Twitter to work with the FBI and DOJ to better secure its platform and asked that Dorsey answer the following questions:

• Did this event represent a breach of users’ own account security or of Twitter’s systems?
• Were accounts protected by two-factor authentication successfully targeted in this breach? If so, how was this possible?
• Did this breach compromise the account security of users whose accounts were not used to share fraudulent posts? If so, how many accounts were affected? Were all accounts’ security compromised by this breach?
• How many users may have faced data theft as a consequence of this breach?
• What measures does Twitter undertake to prevent system-level hacks from breaching the security of its entire userbase?
• Did this attack threaten the security of the President’s own Twitter account?

Shortly after Twitter acknowledged the “security incident” all blue-checked accounts were temporarily suspended from tweeting on Wednesday evening.

Fingers point to an inside job

In a bizarre turn of events, Joseph Cox wrote in Motherboard that the bitcoin heist was allegedly made possible by a Twitter employee who helped the scammers pull it off.

Cox wrote that Motherboard was in contact with “two sources who took over accounts,” with one source declaring, “We used a rep that literally done all the work for us.”

The second source said that the Twitter employee was paid to take over the high profile accounts.

Backing up these claims, Twitter issued a statement saying that it believes some of its employees with access to internal systems and tools were successfully targeted.

Statements from the anonymous sources, along with screenshots obtained by Motherboard, suggest that Twitter employees on the inside were able to access the high-profile accounts using an internal tool at Twitter.

Screenshots expose more evidence of Twitter shadowbanning with ‘Trends’ & ‘Search’ blacklists

Screenshots of the alleged internal tool, if proven to be authentic, raise even more alarm bells about the inner workings of the platform.

The screenshots showed colored buttons, on two of which were written, “Trends Blacklist” and “Search Blacklist.”

Twitter has long claimed not to shadow ban, and the public isn’t privy to what exact trends and searches may be blacklisted, but seeing buttons for blacklisting trends and searches is concerning to many users with serious questions about the platform’s integrity.

Twitter tells you straight up, “We do not shadow ban,” but Twitter admits to making content more difficult to find, which in my opinion sounds like a part of shadowbanning.

“You are always able to see the tweets from accounts you follow (although you may have to do more work to find them, like go directly to their profile). And we certainly don’t shadow ban based on political viewpoints or ideology,” reads a Twitter blog post from 2018 (emphasis mine).

Wednesday’s Twitter breach exposed not only how vulnerable the platform is and how its own employees could compromise the account of a presidential candidate, but that Twitter may also have been misleading the public about its policies with questions arising over blacklistings.