KEY POINTS

  • Former employee-turned-whistleblower filed a security violations complaint against Twitter
  • The complaint was filed with the Federal Trade Commission in October
  • The company can be charged $1 billion if the FTC concludes it is in violation

Twitter's security issues are yet again in the global spotlight after a former employee-turned-whistleblower told members of Congress and staff at the Federal Trade Commission (FTC) that any engineer at the social media company can activate a program called "GodMode" and use it to tweet, delete and undelete from any account.

According to the new complainant, engineers need only a production computer to access GodMode, which is enabled by a simple code change from "FALSE" to "TRUE." Once access is granted, an engineer can delete or undelete any tweet. A message reading "THINK BEFORE YOU DO THIS" flashes on their screen before the action is fully completed, according to screenshots attached to the complaint filed with the FTC in October, Engadget reported.

The new claims come months after veteran cybersecurity expert Pieter "Mudge" Zatko, Twitter's first whistleblower, filed a complaint with the Securities and Exchange Commission, the FTC, and the DOJ in July. In the complaint, Zatko, who was Twitter's security chief until then-CEO Parag Agrawal fired him in January 2022, accused the company of a number of shocking oversights and security issues.

Zatko had claimed as many as 1,000 Twitter employees and contractors had access to GodMode, now renamed "privileged mode," in 2020. The revelation had come on the heels of a mass hack of the company's internal system by crypto scammers who promoted a bitcoin giveaway by tweeting from the accounts of famous personalities.

Twitter previously confirmed 130 accounts had been targeted by attackers. Out of these, 45 accounts saw tweets posted by attackers, 36 accounts had their personal messages accessed, and 8 unverified accounts saw an archive of "Your Twitter Data" downloaded.

The new complainant, who remains anonymous for privacy reasons, said GodMode's existence is an example of how Twitter's promises about security issues being resolved after the 2020 hack were "false and/or misleading." "Twitter does not have the capability to log which, if any, engineers use or abuse GodMode," the complaint said.

The complainant, in an interview with the Washington Post, said GodMode was renamed to "privileged mode" after internal pushback against the program – the purpose of which was to allow Twitter staff to post from advertisers' accounts in the event that they were unable to do so.

The whistleblower further told the outlet that anyone who acquired access to a Twitter engineer's computer would be able to access GodMode, noting there have been hacking instances in the past. People who've been in touch with the FTC suggest the agency could seek $1 billion from Twitter if it concludes there has been a violation.
