In brief
- The ‘God Mode’ admin panel at the center of the recent Twitter hack was previously used by outside contractors to snoop on celebrity accounts.
- Contractors reportedly accessed Twitter accounts including that of singer Beyoncé, viewing personal information such as location data.
- Twitter CEO Jack Dorsey was reportedly warned about the security of the admin panel as early as 2015.
Twitter's ‘God Mode’ admin panel, which was used in the July 'Bitcoin scam' hack, was previously used by company contractors to snoop on user accounts.
According to a report in Bloomberg, contractors with access to the admin panel used bogus support tickets during 2017 and 2018 to access celebrity Twitter accounts, including that of singer Beyoncé, tracking private information such as IP addresses and location data.
Twitter's 'God Mode' admin panel (Source: Motherboard)
Twitter CEO Jack Dorsey and his board were reportedly warned about the porous nature of security controls over the admin panel multiple times since 2015. According to the New York Times, gaining access to the panel was as simple as copy-and-pasting login details pinned to the top of an internal Slack channel.
A Twitter spokesperson was quoted by Bloomberg disputing the characterization that the admin panel was easily accessible. “We have no indication that the partners we work with on customer service and account management played a part here,” the spokesperson is quoted as saying, adding that access came with “extensive security training and managerial oversight.”
What is Twitter's 'God Mode' tool?
Twitter's admin panel is nicknamed ‘God Mode’ because it affords administrators sweeping powers over user accounts. Admins can use the panel to reset passwords, view DMs, respond to reports of content violations, grab sensitive info like phone numbers and IP addresses, and—as became apparent during the July hack—post from user accounts.
During the July 15th hack, 130 accounts were targeted; for 45 of them, the hackers were able to access the accounts, reset passwords, and post tweets from the hijacked accounts, according to a disclosure by Twitter.
The hackers used the accounts of prominent figures including Bill Gates, Elon Musk and Barack Obama to post messages promoting a Bitcoin scam, in which victims were urged to send Bitcoin to an address in the expectation of doubling their money.
Victims sent the hackers around 12.5 BTC, worth approximately $120,000 at the time of the hack. The funds from scammed users are reportedly being disseminated through a series of Bitcoin mixers, exchanges, and gambling sites in an attempt by the hackers to cover their virtual tracks.
Twitter is still investigating the hack, while federal investigations led by the FBI are underway.
This story was produced in collaboration with our friends at Forkast, a content platform focused on emerging technology at the intersection of business, economy, and politics, from Asia to the world.