In brief

  • The ‘God Mode’ admin panel at the center of the recent Twitter hack was previously used by outside contractors to snoop on celebrity accounts.
  • Contractors reportedly accessed Twitter accounts including that of singer Beyoncé, viewing personal information such as location data.
  • Twitter CEO Jack Dorsey was reportedly warned about the security of the admin panel as early as 2015.

Twitter's ‘God Mode’ admin panel, which was used in the July 'Bitcoin scam' hack, was previously used by company contractors to snoop on user accounts.

According to a report in Bloomberg, contractors with access to the admin panel used bogus support tickets during 2017 and 2018 to access celebrity Twitter accounts, including that of singer Beyoncé, tracking private information such as IP addresses and location data.

Twitter's 'God Mode' admin panel (Source: Motherboard)

Twitter CEO Jack Dorsey and his board were reportedly warned about the porous nature of security controls over the admin panel multiple times since 2015. According to the New York Times, gaining access to the panel was as simple as copy-and-pasting login details pinned to the top of an internal Slack channel.

A Twitter spokesperson was quoted by Bloomberg refuting the characterization that the admin panel was easily accessible. “We have no indication that the partners we work with on customer service and account management played a part here,” the spokesperson is quoted as saying, adding that access came with “extensive security training and managerial oversight.”

What is Twitter's 'God Mode' tool?

Twitter's admin panel is nicknamed ‘God Mode’ because it affords administrators sweeping powers over user accounts. Admins can use the panel to reset passwords, view DMs, respond to reports of content violations, grab sensitive info like phone numbers and IP addresses, and—as became apparent during the July hack—post from user accounts.

During the July 15th hack, 130 accounts were targeted, and with 45 accounts, the hackers were able to access user accounts, reset passwords, and post tweets from hijacked accounts, according to disclosure by Twitter.

The hackers used the accounts of prominent figures including Bill Gates, Elon Musk and Barack Obama to post messages promoting a Bitcoin scam, in which victims were urged to send Bitcoin to an address in the expectation of doubling their money.

Victims sent the hackers around 12.5 BTC, worth approximately $120,000 at the time of the hack. The funds from scammed users are reportedly being disseminated through a series of Bitcoin mixers, exchanges, and gambling sites in an attempt by the hackers to cover their virtual tracks.

Twitter is still investigating the hack, while federal investigations led by the FBI are underway.

This story was produced in collaboration with our friends at Forkast, a content platform focused on emerging technology at the intersection of business, economy, and politics, from Asia to the world.