Last night, a rogue Twitter employee celebrated their last day with the company by deactivating President Donald Trump’s account. In response, Twitter said it has “implemented safeguards to prevent this from happening again.” But the company declined to offer any explanation for how it would restrict access to tools that have been accessible to a range of Twitter employees, including contractors. Former employees say the company has known about the risks of rogue employees for years — and that Trump’s 11-minute deactivation isn’t the first time an employee targeted an account on their way out of the company.
In the wake of Trump’s account deactivation shortly before 10PM ET on Thursday, former employees gathered in an internal Slack that they use to discuss the company’s travails. The rogue employee, who has not been identified, was an immediate source of fascination. “We’re now referring to this individual as ‘the legend,’” one former employee told The Verge. At the same time, the former employee was not surprised by the incident. “People have ‘dropped the mic’ in the past and deleted accounts, verified users, and otherwise abused their power on the last day,” the employee said. In each case, the employee said, the abuse was caught quickly and did not become public.
These “mic drops” were possible because of the broad availability of customer support tools inside Twitter. The company won’t say how many people have access to the tools necessary to deactivate an account like Trump’s — and after today, the number is likely much lower. But up until now, as many as hundreds of people have had access to the tools, which let employees see a broad range of information about the account. The access does not allow employees to send tweets from other users’ accounts, or to read a user’s direct messages.
Still, the lack of protections around accounts for so-called Very Important Tweeters was a known issue inside the company, former employees said. Of particular concern is that many of the customer support staff with high-level privileges are third-party contractors located in the Philippines and Singapore. The New York Times reported on Friday that the person responsible for deactivating Trump’s account was a third-party contractor.
“People pressed to say, there needs to be some kind of escalation flow, or prioritization flow,” one former employee said. “Someone in Singapore can’t be the person to make a 3-second decision on whether to suspend a verified account. I don’t know where that exists today. My hope is that those flows exist. If not, that’s pretty scary.”
Indeed, while many former employees tweeted their amusement at the incident, others were concerned. “You want to believe that Twitter has gone above and beyond to build tooling and redundancies that prevent any human error around this account given how consequential one tweet could be,” another ex-employee told me of the @realdonaldtrump account. “This mistake is incredibly concerning.”
Multiple former employees defended the need for customer service tools enabling quick account suspensions. If a hacker obtained access to the president’s account, for example, a customer service employee at Twitter would be able to quickly disable it. Similar tools exist at the other big tech companies, from Facebook to Uber. “This type of thing is possible at lots of tech companies — even if they build internal security,” said one former Twitter employee who now works at another large social network. “Ultimately, the best you can do is lock down access to as few people as possible and make the repercussions really harsh.”
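The escalation flow the former employee describes above, combined with the advice to lock down access to as few people as possible, amounts to a two-person control on sensitive account actions. The sketch below is an added illustration, not Twitter’s tooling: a hypothetical gate where deactivating an account on a protected list needs a request from one agent and approval from a distinct, more senior reviewer, with every step written to an audit log (the account list, roles and agent names are constructed sample data).

```python
"""Two-person approval gate for sensitive account actions (added example).
Hypothetical design, not Twitter's tooling: accounts on a protected list
cannot be deactivated by a single support agent; a second, more senior
reviewer must approve, and every attempt is recorded for audit."""
from dataclasses import dataclass, field

PROTECTED_ACCOUNTS = {"realdonaldtrump"}           # constructed sample VIT list
ROLE_RANK = {"contractor": 1, "support": 2, "trust_safety": 3}  # assumed roles


@dataclass
class Agent:
    name: str
    role: str


@dataclass
class ActionGate:
    audit: list = field(default_factory=list)        # (event, actor, account)
    pending: dict = field(default_factory=dict)      # account -> requesting agent
    deactivated: set = field(default_factory=set)

    def request_deactivate(self, agent: Agent, account: str) -> str:
        self.audit.append(("request", agent.name, account))
        if account not in PROTECTED_ACCOUNTS:
            self.deactivated.add(account)            # ordinary account: one actor suffices
            return "done"
        self.pending[account] = agent.name           # protected: hold for a second reviewer
        return "pending_approval"

    def approve_deactivate(self, approver: Agent, account: str) -> str:
        self.audit.append(("approve", approver.name, account))
        requester = self.pending.get(account)
        if requester is None:
            return "no_pending_request"
        if approver.name == requester:               # the requester cannot self-approve
            return "rejected_same_actor"
        if ROLE_RANK.get(approver.role, 0) < ROLE_RANK["trust_safety"]:
            return "rejected_insufficient_role"      # contractors cannot be the second pair of eyes
        del self.pending[account]
        self.deactivated.add(account)
        return "done"
```

The audit list is what lets the abuse be "caught quickly", as the former employee put it: a request on a protected account with no matching senior approval stands out on its own.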
But others worried that the incident revealed weaknesses in Twitter security that could be exploited by bad actors, including state-sponsored hackers. “It gets really chilling when you think about, what if a state is able to recruit somebody as an asset internally, and then go in and shut down accounts at a really key time?” one former employee said. “Or is able to obtain some sort of information about that account? There’s lots of really bad, bad versions of this that could play out.”
Twitter declined to comment beyond a handful of tweets from its TwitterGov account. “We won’t be able to share all details about our internal investigation or updates to our security measures, but we take this seriously and our teams are on it,” the account said. An open question is whether the former employee who took down Trump’s account could be subject to criminal charges. A person familiar with the situation said Twitter had not yet been contacted by law enforcement.