Discussion on: What are the major lessons from the Twitter hack?

Ari Kalfus

Twitter has been exceptionally open about its investigation... That is in day 2. The Twitter Support thread that Ben links to has a lot of detail for the very beginning of an investigation. We know pretty much what Twitter knows at this point.

If you are surprised that Twitter's customer service team can modify account settings, I would go to your company's support team and ask what abilities they have to help their customers.

Mike Lockhart

Indeed. Impersonating a user is a common troubleshooting tool used in a lot of web applications. I don't believe this attack (it wasn't a "hack", not even a "crack") was made any worse by the presence of the tools, or their wide-ranging ability.

Usually the mitigations for security risks in such a tool are:

  • auditing of the actions performed by the support engineer on the user's behalf (that is: logging that the actions were done by the engineer, not the account owner themselves)
  • 2FA for the engineering accounts
  • background security checks
  • regular, updated training and refreshers against social engineering attacks

In this case, it appears that the engineer's credentials have been obtained, and that 2FA was ineffectual or not employed. The tool itself may already audit the actions, which might have helped to remove the fake posts quickly, as they would have been recorded as such.
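The first two mitigations in the comment above (audit the engineer's actions under the engineer's own identity, and require 2FA before impersonation) can be made concrete in code. The following is an added example written for this page, not code from Twitter or from either commenter; the class names, the sample engineers and users, and the detection thresholds are all assumptions. It models a support tool where every action taken on a user's behalf is logged with the engineer as the actor, and then runs two defender-side queries over that log: find posts that were created through impersonation (so a response team can pull them quickly), and flag an engineer who changes sensitive settings on many accounts in a short window.

```python
# Added example (not from the discussion): an impersonation tool whose every action
# is written to an audit log under the engineer's identity, gated by a 2FA check,
# plus two defender-side queries over that log. All names and thresholds are assumed.
from collections import defaultdict
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone
import json


@dataclass
class AuditEvent:
    ts: datetime        # when the action happened (UTC)
    actor: str          # who really performed it: the support engineer
    subject: str        # the user account the action was applied to
    action: str         # e.g. "change_email", "create_post"
    detail: dict        # action-specific fields
    impersonated: bool  # True when actor != subject (support acting on the user's behalf)


class AuditLog:
    """Append-only record; the engineer's identity is never replaced by the user's."""

    def __init__(self):
        self.events = []

    def record(self, actor, subject, action, detail, ts=None):
        ts = ts or datetime.now(timezone.utc)
        self.events.append(AuditEvent(ts, actor, subject, action, detail, actor != subject))

    def dumps(self):
        """One JSON line per event, suitable for shipping to a SIEM."""
        return "\n".join(json.dumps({**asdict(e), "ts": e.ts.isoformat()}) for e in self.events)


class SupportSession:
    """An engineer acting on a user's account. Opening the session requires a completed
    2FA challenge, and every mutation goes through the audit log with the engineer as actor."""

    def __init__(self, log, engineer, user, mfa_verified):
        if not mfa_verified:
            raise PermissionError("impersonation requires a completed 2FA challenge")
        self.log, self.engineer, self.user = log, engineer, user

    def change_email(self, new_email, ts=None):
        self.log.record(self.engineer, self.user, "change_email", {"new_email": new_email}, ts)

    def create_post(self, text, ts=None):
        self.log.record(self.engineer, self.user, "create_post", {"text": text}, ts)


def posts_made_by_support(log):
    """Posts created via impersonation rather than by the account owner: exactly the
    records a response team needs in order to find and remove fake posts quickly."""
    return [e for e in log.events if e.action == "create_post" and e.impersonated]


def burst_of_sensitive_changes(log, window, threshold, sensitive=("change_email",)):
    """Engineers who changed sensitive settings on at least `threshold` distinct accounts
    within any sliding `window`. A normal support queue rarely looks like this."""
    by_actor = defaultdict(list)
    for e in sorted(log.events, key=lambda e: e.ts):
        if e.impersonated and e.action in sensitive:
            by_actor[e.actor].append(e)
    flagged = set()
    for actor, events in by_actor.items():
        for i, start in enumerate(events):
            subjects = {x.subject for x in events[i:] if x.ts - start.ts <= window}
            if len(subjects) >= threshold:
                flagged.add(actor)
                break
    return sorted(flagged)


def demo():
    """Constructed sample activity: one ordinary ticket handled by eng_alice, then
    eng_carol touching four accounts within a few minutes and posting from one of them."""
    log = AuditLog()
    t0 = datetime(2020, 7, 15, 20, 0, tzinfo=timezone.utc)
    SupportSession(log, "eng_alice", "user_bob", mfa_verified=True).change_email("bob@new.example", t0)
    for i, user in enumerate(["user_dave", "user_erin", "user_frank", "user_grace"]):
        session = SupportSession(log, "eng_carol", user, mfa_verified=True)
        session.change_email(f"{user}@changed.example", t0 + timedelta(minutes=i))
    SupportSession(log, "eng_carol", "user_dave", mfa_verified=True).create_post(
        "constructed fake post", t0 + timedelta(minutes=5))
    flagged = burst_of_sensitive_changes(log, timedelta(minutes=10), threshold=3)
    return log, flagged


if __name__ == "__main__":
    log, flagged = demo()
    print(log.dumps())
    print("posts via impersonation:", [(e.actor, e.subject) for e in posts_made_by_support(log)])
    print("engineers flagged for burst of sensitive changes:", flagged)
```

The design choice worth noting is that the log stores `actor` and `subject` as separate fields rather than writing the action as if the user did it. That single distinction is what makes both queries possible: without it, a fake post looks identical to a real one, and a compromised engineer account is indistinguishable from a busy day on the support desk.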