A new Twitter whistleblower has highlighted a serious ongoing security concern that the social media company claimed it fixed back in 2020.
In a warning to members of Congress and the Federal Trade Commission, reported by the Washington Post, the former employee claims that current staff still have access to “GodMode,” an internal setting that allows engineers at the company to access and post from any Twitter account.
The whistleblower said the function was originally intended so that employees could tweet on behalf of advertisers that weren’t able to do so themselves and, following previous controversy, it was renamed “privileged mode.”
Prior to Elon Musk’s takeover, Twitter’s privacy protections drew heavy criticism in 2020 when a group of teenagers hacked into the systems and tweeted from high-profile, verified accounts including Barack Obama, Joe Biden and Musk himself.
At the time, Twitter said that they repaired glitches and had restricted use of such functions. Now, just more than three months into Musk’s leadership, several former employees who recently left reportedly say security concerns are worse.
“GodMode” is still available to any engineer who requests access or to anyone familiar with the vulnerability, the new whistleblower said. Changes made couldn’t be traced back to the person who used the mode, the whistleblower added.
“Think before you do this”
According to the Post, the former employee demonstrated that someone with access (such as a Twitter engineer) could activate the function by changing one line of code from “FALSE” to “TRUE.”
Further screenshots reportedly showed that in the program line where those with access could delete tweets, a comment read in all caps: “THINK BEFORE YOU DO THIS.”
The whistleblower pointed out that “GodMode” could also be used by anyone who managed to hack into an engineer’s computer, and engineers’ computers have been compromised before.
“The existence of GodMode is one more example that Twitter’s public statements to users and investors were false and/or misleading,” the complaint reads.
“Our client has a reasonable belief that the evidence in this disclosure demonstrates legal violations by Twitter.”
This is not the first time the issue has been brought up. Another complaint of a similar nature was filed by Whistleblower Aid in October with the FTC, which is still investigating the matter.
Twitter did not immediately respond to Fortune’s request for comment outside of U.S. work hours.