
Weird that they didn't require any MFA from a second support/admin account when dealing with account security settings for prominent accounts. That's not that hard to set up and makes this sort of thing harder to pull off. Not to mention severe rate limitation on internal accounts. How many prominent accounts does one support person need to reset password or email per day? Not that many, I'd wager.


Imagine the potential damage if an attacker tweeted something on behalf of the US President (let's say Biden in 2022), that Chinese or Iranian or Russian ships could be sunk at any moment if they didn't withdraw (due to some ongoing real incident)... The other side might fire on US ships before the tweet could be corrected.

Twitter is a disaster waiting to happen.


Right, because all these other parties would totally not think Twitter might be hacked? I'm truly baffled by this kind of hysteria.


As you say, it would probably not work on foreign governments, but would be very effective on the general population. They could have used that to cause political turmoil (hopefully not enough to change something like election results?) or influence stock prices etc. This just looks so uninspired...


> As you say, it would probably not work on foreign governments, but would be very effective on the general population

I can't think of any serious risk posed by 'the general population'. Maybe particular stocks would dip a bit?



