This story is over 5 years old.


A Former Twitter Employee Told Us How a Contractor Could Take Down Trump's Account

A Twitter contractor briefly disabled the president’s account, revealing new concerns about social media’s role in national security.

President Trump's Twitter account briefly ceased to exist Thursday night, when a third-party Twitter customer service contractor deactivated Trump's handle. This was, according to the company, an enterprising—and unsanctioned—act on the person's last day of work there. It took 11 minutes for the account to be restored.

The incident presents some potentially serious security concerns. And Trump, as we know, does not practice good opsec.


Trump accused a "rogue employee" of taking down his account this morning. Last night, there had been speculation that Trump, or one of his aides, such as social media director Dan Scavino, had intentionally disabled it. Or even that Twitter had finally suspended Trump for violating its Terms of Service.

Let's think about the scary scenarios for a second.

Can a Twitter employee access data that puts the president, or other Americans, at personal risk? Trump's tweets are already reckless, but what happens if someone tweets "I <3 butts," or worse, "Let's nuke North Korea," from Trump's official handle?

Most Twitter users have no idea how the site is moderated on the backend. Twitter has never been forthright about how, exactly, its staff moderate abuse, spam, bugs, bots, or anything like that. The wildly opaque company only recently vowed to tackle its biggest problems, such as abuse and hate speech, with a modicum of transparency.

That said, nothing tells us how a customer service contractor might hijack the president's Twitter account. But a former employee with knowledge of Twitter's admin platform, who agreed to talk with me under the condition of anonymity because they signed a non-disclosure agreement with the company, claims it was only a matter of time before something like this occurred.

A platform of modules, called the "user admin panel," could've allowed the contractor to tinker with Trump's account. This panel is comprised of various features, like the ability to suspend and delete accounts, and is used not only by customer service staff, but by other Twitter teams as well.


"Support definitely would [have access to these overrides], as it's their job," the former Twitter employee said. "If you notice that Trump's account has been hacked, the customer support team probably wants to be able to suspend it ASAP."

Not all Twitter staff have the same permissions, they said. And that means different people see different user information. It's not clear how Twitter decides this. "The customer service team…probably have permissions to see people's email addresses and other personal data."

The person who deactivated Trump's account potentially had access to sensitive information, such as previous logins, IP history, logged-in devices, a phone number, and email address. All of this data, which a Twitter employee with high privileges can sometimes see, is known as "Your Twitter data"—a user tab that's accessible under your profile's "Settings" section.

"So, for Trump, you could potentially figure out which [login] is him and how many of his aides have his account logged in," the source added.

"There's [also] stuff that's not visible to a user that they can see, like the full history of profile and username changes, all the emails associated with the account, etc."

The implications of a compromised Twitter account—one as influential as Trump's—aren't unimaginable. When the Associated Press' account was hacked in 2013 by the Syrian Electronic Army, the hacking collective tweeted, "Breaking: Two Explosions in the White House and Barack Obama is injured." The tweet sent shockwaves throughout the stock market, causing the Dow to temporarily plummet, erasing "$136 billion in equity market value in 3 minutes," according to Bloomberg.


Again, we don't know if the person who deactivated Trump's account could see all of this, but it's within the realm of possibility. And while there are safeguards to prevent a Twitter employee or contractor from tweeting as the president, a malicious user, should they obtain this sensitive data, could still do significant damage.

"Trump's fault is that when he became a US government employee—and that is what he is—his social media should've reflected that. He should not kept using his personal account for political governmental business," Peter Singer, a well-known expert on cybersecurity and Senior Fellow at New America, said.

As we saw this week, when Twitter, Facebook, and Google testified on Capitol Hill about Russia's election meddling, "social media companies have failed to come to grips with who they are, and what role they play in society. They imagine themselves as tech companies that just make products, but they're actually a new combination of media company and public utility," Singer added.

These companies' use of contractors, often part-time workers in internet call centers, to handle abuse and moderation is something else to consider. Twitter, for example, has never provided a breakdown of how much of its workforce is contracted.

We do know that Twitter has done backend work on other presidential accounts before. In January, the company accidentally caused 560,000 users to follow the @POTUS account as it was being transitioned from President Barack Obama to Trump. This happened due to a flawed script that was supposed to migrate @POTUS followers to the archived @POTUS44 account.

I asked Twitter if Trump's account had extra layers of security, as one might expect, but a spokesperson for the company declined to comment. The company also declined to say how it plans to prevent this from happening again.