Twitter employees can post messages from any account

1 month ago · 0 comments

A credible source cited by the American edition of The Washington Post claims that Twitter engineers can use the "GodMode" function and post messages from any account. The company could face a hefty fine if the allegations are confirmed.

Following a 2020 hack that saw a group of teenagers leave scam messages from accounts of famous people, Twitter has publicly stated that the issues have been fixed. "However, the existence of GodMode is yet another example that Twitter's public statements to users and investors have been false and/or misleading," according to an article published by The Washington Post.

The whistleblower, who is a former Twitter employee, spoke to both members of the US Congress and Federal Trade Commission (FTC) officials. He stated that any Twitter engineer can still activate "god mode" and post from any account.

The former employee also said that representatives of the company's management are well aware of everything, but publicly declare that the problem has been fixed. However, in reality, the function has simply been renamed "privileged mode" and is still in the hands of the engineers. The company has simply revoked access to the default tool, but engineers can still activate it by changing one line of code from FALSE to TRUE.

The Washington Post report said that "some people who have been in regular contact with the FTC suggest the agency could fine the company $1 billion or more" if it concluded that Twitter had consistently violated FTC rules.

This report is by no means the first evidence of the deplorable state of Twitter's privacy protections. Back in November 2022, another former employee, Steve Krenzel, claimed that he was asked by a major telecommunications provider in 2015-2016 to track the digital movements of users. Former CEO Jack Dorsey denied the request at the time, but according to reports from Twitter's legal team, the request did not violate the user's terms of service.

Recall that in early January, cybercriminals publicly disclosed 63 GB of data, leaking information from 235 million users of the platform to the darknet.