Twitter Engineers Can Still Use 'Godmode' To Tweet As Any Account, Claims Whistleblower

SHARE THIS ARTICLE

REACH US

GENERAL INQUIRY

[email protected]

ADVERTISING

[email protected]

PRESS RELEASE

[email protected]

HOTLINE

+673 222-0178 [Office Hour]

+673 223-6740 [Fax]

Upcoming Events

Prayer Times

The prayer times for Brunei-Muara and Temburong districts. For Tutong add 1 minute and for Belait add 3 minutes.

Imsak	: 04:34 AM
Subuh	: 04:44 AM
Syuruk	: 06:09 AM
Doha	: 06:33 AM
Zohor	: 12:22 PM
Asar	: 03:48 PM
Maghrib	: 06:34 PM
Isyak	: 07:49 PM

The Business Directory

Security & Privacy

Home > Security & Privacy

Twitter Engineers Can Still Use 'Godmode' To Tweet As Any Account, Claims Whistleblower

Sundry Photography via Getty Images

January 25th, 2023 | 13:09 PM | 343 views

CALIFORNIA, UNITED STATES

The new complaint says they could also delete and undelete tweets.

Twitter has a new whistleblower, as another former employee has sounded the alarm about security issues, according to The Washington Post. The new complainant, who has spoken with Congress and the Federal Trade Commission (FTC), says any Twitter engineer still has access to an internal program — formerly called “GodMode” — that lets them tweet from any account.

The whistleblower’s complaint alleges GodMode (now renamed to “privileged mode”) remains on the laptop of any engineer who wants it, requiring only a production computer and a simple code change from “FALSE” to “TRUE.” Screenshots of the code, included in an October complaint filed with the FTC, show a warning to anyone attempting to use it: “THINK BEFORE YOU DO THIS.”

This isn't the first time Twitter security has drawn scrutiny. In 2020, teenage crypto scammers hacked the company’s internal systems, sending fake tweets from the accounts of President Joe Biden, Barack Obama, Musk and others. Twitter’s at-the-time executives said they had fixed the issue and launched a “comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of nonpublic consumer information.”

However, Twitter’s first whistleblower, Peiter Zatko, disputed that. Another engineer claimed at the time that GodMode was still widely available.

The new complainant’s filing says the incident led to Twitter reopening the case, which sparked the discovery that engineers could also delete or restore anyone’s tweets. (Regular Twitter users can't do either.) He also claims Twitter can’t log who, if anyone, uses or abuses any of the special privileges.

The new whistleblower’s complaint was filed by Whistleblower Aid, the same nonprofit firm representing Zatko. The FTC is reportedly interviewing former Twitter employees about the allegations.

Source:
courtesy of ENGADGET

by Will Shanklin

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]