Discussion on: What are the major lessons from the Twitter hack?

Renato Byrro • Edited on

We learned that the Least Privilege Principle is not followed on Twitter.

Why on earth would ANY Twitter employee need to publish a tweet as someone else? I mean, ever?

Having some employees with authority to delete a tweet? Fine.

But publish a tweet as someone else? Why would they give employees such enormous power in the first place?

This is only going to foster people's suspicions of ideologically/politically motivated shadow behavior by Twitter employees. And now I'm thinking, they might be right about it.