[thread]

The recent Twitter hack revealed some very disturbing details about security at the social media company.

Twitter's staff stored the keys to their "God-level" access on Slack, in a chat channel where many presumably had access. There was no second factor to log in.

1/

These insecurely stored Twitter admin credentials were apparently available to over a thousand people.

They allowed those who had access to them to control any Twitter account, review their DMs and much more.

Worse, it's not unlikely there's been unauthorized access before.

2/

What concerns me even more than what we know about the Twitter hack, though, is what we don't know -- and may never know.

To store login information so insecurely for something so important suggests that other security practices may also leave much to be desired.

3/

I hope that Twitter takes some time to improve their security, including whom they grant access to and how that sensitive information is stored.

Hundreds of millions of people rely on this platform and we should have better protections to secure it from malicious hackers.

4/4

You can follow @vegix.