Twitter was ill-equipped to handle an unprecedented hack — now we need answers

Key Points
  • Wednesday's Twitter hack revealed the company wasn't equipped to handle an infiltration into its internal tools that had access to high-profile accounts.
  • Twitter blamed a "social engineering" effort by hackers that they used to tweet a bitcoin scam from accounts belonging to influential people such as Joe Biden, Elon Musk and Bill Gates.
  • As the company's investigation continues, there are several key questions it will need to answer to assure the public that its systems are secure.
Twitter attack appears like a 'human security issue', says CNBC tech editor Steve Kovach

Wednesday's Twitter hack wasn't just unprecedented, it was a shocking revelation that the company is ill-equipped to handle the security of a platform that's the backbone of breaking news, government policy and market-moving events on the internet.

The hackers were able to gain access to influential accounts for Joe Biden, Elon Musk, Bill Gates, Apple and others and share a scam asking for bitcoin.

So far, all we know for sure from Twitter is that at least one of its own employees was involved in the attack. Twitter described it as "social engineering," which typically means a hacker is able to trick someone into providing their login credentials for access. Twitter has not provided more information on the hack but said more will come as its investigation continues.

But a report from Vice on Wednesday described a much darker scenario. Vice's reporter said he spoke anonymously with at least some of the hackers involved in Wednesday's attack on Twitter, and they claimed to have paid off a Twitter employee to gain access to a tool that provides deep control over high-profile Twitter accounts.

If that's the case, it would be the second known time Twitter was allegedly infiltrated from the inside. Late last year, the Department of Justice charged two Twitter employees with providing private information from Twitter accounts to Saudi Arabian nationals.

The hack could have been much worse than an obvious bitcoin scam shared by several influential accounts. Imagine all the damage the hackers could have done if they coordinated messages about an impending economic collapse, a new pandemic or even war. Luckily, President Donald Trump's account did not tweet the bitcoin scam, so it appears to have been unaffected by Wednesday's attack.

Compromising an insider is problematic and preventable: Former DNI deputy director on Twitter hack

And it's clear Twitter wasn't prepared to stamp out an attack of this magnitude. The company is lucky it was just a bitcoin scam and not something actually dangerous. Twitter might not be so lucky if it happens again.

The company's shares were down about 3% Thursday morning.

With all that in mind, Twitter has a lot of questions to answer about the security of its systems in the coming days. The whole fiasco has shown how important Twitter is to the flow of news, information and even government policy around the world. It's not unusual for President Trump to dictate policy, fire officials or make market-moving announcements with the push of a "tweet" button, after all.

Here are the biggest lingering questions Twitter will have to answer:

Did the Twitter employee(s) cooperate with the hackers? If Vice's report is true, then there was some level of coordination between the hackers and at least one employee inside the company. Given the case from last fall involving Saudi Arabia and the hack on Wednesday, Twitter needs to disclose how it vets employees before giving them access and what safeguards it has in place to make sure that access doesn't leak out. If there was no coordination, how did the hackers trick an employee into giving up access and what's being done to prevent this from happening again?

Why did it take hours to stop the hackers from tweeting? High-profile accounts were still tweeting out the bitcoin scam hours after it first started. Twitter attempted to slow it down by blocking verified accounts from tweeting, but that was well after the damage was done. Again, it was just a bitcoin scam, but what if it had evolved into something worse? Why did it take so long to stop the infiltration?

Does Twitter have a "circuit breaker" to pause the service if things get out of control? With so much market-moving and political information breaking on Twitter, does the company have the ability to pull the plug and pause tweets until the issue is resolved?

Were the hackers able to access any private data from accounts? We know they were able to send tweets from accounts run by the likes of Elon Musk, Joe Biden and Bill Gates. Were they also able to access other private information about those people, such as email addresses, phone numbers or private messages?

Was President Trump's account impacted in any way? The implications of a Trump account takeover are obvious. Are there special safeguards around that account and the accounts of other government officials? If so, why aren't those safeguards used for all accounts?

Twitter said it would share more information as its investigation into the issue continues, but for now there needs to be more visibility and transparency into how Twitter's security systems and employees are prepared for future attacks.

Why President Trump's Twitter account likely wasn't hacked