A rogue Twitter employee on their last day of work brought down the most powerful online account in the world, raising serious concerns about the social network’s security measures.
Mayhem broke out on Twitter on Thursday night after President Donald Trump’s account mysteriously vanished for 11 minutes.
Twitter said the account was deactivated “inadvertently” by one of its employees and that it would investigate further.
Earlier today @realdonaldtrump’s account was inadvertently deactivated due to human error by a Twitter employee. The account was down for 11 minutes, and has since been restored. We are continuing to investigate and are taking steps to prevent this from happening again.— TwitterGov (@TwitterGov) November 3, 2017
It later admitted that a disgruntled employee pulled the plug on Trump’s account on their last day on the job.
Through our investigation we have learned that this was done by a Twitter customer support employee who did this on the employee’s last day. We are conducting a full internal review. https://t.co/mlarOgiaRF— TwitterGov (@TwitterGov) November 3, 2017
After he regained access to his account, Trump blamed a “rogue employee.” Twitter is now conducting a full review.
Trump uses his Twitter account on a daily basis to connect with followers, hit out at his enemies, and announce major policy changes. He has tweeted more than 36,000 times since 2009 and has 41.7 million followers. Whoever has access to his posts holds the keys to a powerful political platform. That became clear when one of his recent tweets was interpreted by North Korea as a declaration of war.
Yesterday’s incident brings up questions as to how one employee could shut down @realDonaldTrump without gaining permission, and what Twitter is doing to prevent someone from taking over his account. A former senior employee at Twitter told BuzzFeed that “a lot” of employees have the ability to suspend an account but far fewer, in the “hundreds,” can deactivate one. Trump’s account was deactivated, not suspended.
The tools needed to deactivate an account are also reportedly managed in a dashboard UI, so employees don’t need computer engineering skills to use them. It appears Twitter was considering putting special protections on high-profile accounts, but the measure was never implemented, the unnamed source said.
It’s still not clear who the employee was or how they got access to the president’s account. It’s possible they were one of the hundreds who have the tools to do so. They may also have breached Twitter’s security measures. Whatever the case, it caused a brief period of panic, which—as Blake Hounshell, editor-and-chief of POLITICO, points out—could have been much worse.
Seriously, what if this person had tweeted about a fictional nuclear strike on North Korea? https://t.co/TcvpXqXk42— Blake News (@blakehounshell) November 3, 2017
It’s unlikely this employee had the ability to post from Trump’s account, but the incident shows just how weak Twitter’s safeguards are. The next time a rogue employee wants to exploit them, they might do worse than deactivate his account—they could try taking it over.