Twitter contractors spied on celebrities like Beyonce
What's the story
As Twitter continues to draw flak for the recent hack of several high profile accounts through its internal tools, Bloomberg has published a report highlighting another major skeleton in the company's closet. According to the outlet, some of Twitter's contractors had, for months, abused their access to internal tools to spy on celebrities, including Beyoncé. Here's what went down.
Claim
1,500 contractors given powerful, spying-enabling tools
In recent conversations with former Twitter employees, Bloomberg learned about the microblogging giant's lax efforts to keep tabs on its contractors' actions, and the security concerns stemming from it. The people claimed that these 1,500 workers are tasked with the job of resetting/managing accounts, reviewing user breaches, and responding to content violations, but the tools they use open the way for spying as well.
Information
What kind of information the tools gleaned?
The tools provided the contractors access to personal information like account IP addresses, email addresses, and phone numbers - all of which could be used for spying/hacking. In fact, the former employees added, some workers in 2017 and 2018 exploited this information and created fake help-desk inquiries to get into the accounts of celebrities, including Beyoncé's, and access their private data and approximate locations.
Information
Contractors made a game out of this
The former employees emphasized that these controls were so porous that the contractors exploiting them had made a game out of creating these bogus help tickets, indicating that something was wrong with the account, for spying purposes. Some of them were hired by Cognizant.
Problem
Meanwhile, Twitter's security teams struggled to act
The practice of illegally spying on accounts became so frequent that Twitter's security teams in the US often failed to keep track of the intrusions, Bloomberg's sources claimed. Some of the workers were caught and subsequently fired but others found work-arounds to explore data and account details of "former lovers, politicians, favorite brands, and celebrities," without being caught red-handed.
Priority
Ironically, management did not prioritize account snooping from inside
The matter of account snooping from the inside was raised with CEO Jack Dorsey and the company's board of directors "almost annually during a period from 2015 to 2019." But, it was not presented (or seen) as an immediate major concern and, therefore, deferred in favor of the cybersecurity efforts or consumer features/products that could generate more revenue for the company.
Response
What Twitter says on this?
In response to the report, the company's spokeswoman disputed the way former employees presented Twitter's response to concerns regarding the access and abuse of internal tools. She added, "We have no indication that the partners we work with on customer service and account management [willingly] played a part here," referring to the recent breach of accounts that took place through its internal employee tools.