Trump's Twitter Deactivation: Security Questions Arise

Donald Trump’s Twitter account was deactivated briefly on Thursday night by a rogue employee at the social media company. The incident raises serious questions about the security of the president’s Twitter feed, which he uses to trumpet policy changes, saber-rattle with North Korea and connect with the American people.

The employee, who was working his or her final day at Twitter, accessed the president's personal account, @realDonaldTrump, and took it offline, so that visitors to the feed were greeted with the message, “Sorry, that page doesn't exist!” The account was down between about 6:45 and 7 pm ET.

Twitter initially posted a statement saying the “account was inadvertently deactivated due to human error by a Twitter employee. The account was down for 11 minutes, and has since been restored. We are continuing to investigate and are taking steps to prevent this from happening again.”

Later, however, the company revised its assessment, saying that the deed was done “by a Twitter customer support employee who did this on the employee's last day.”

For his part, Trump used the opportunity to brag about his social media influence.

“My Twitter account was taken down for 11 minutes by a rogue employee,” he tweeted on Friday morning. “I guess the word must finally be getting out—and having an impact.”

A source told BuzzFeed that hundreds of Twitter employees have access to high-profile accounts and have the power to deactivate one. Despite discussions, no special protections on verified accounts have been implemented, according to the source.

Twitter users were swift to point out the potential security implications: “It is shocking that some random Twitter employee could shut down the president's account. What if they instead had tweeted fake messages?” tweeted POLITICO editor @blakehounshell.

Any impersonation would have been problematic because the tweets carry weight as Trump’s preferred method of communication. The National Archives in fact plans to preserve the tweets as part of the president’s legacy of correspondence for future generations; where Abraham Lincoln had diaries and letters, this president has 140-character social media missives.

World leaders also take the Twitter posts seriously. When Trump tweeted, “Just heard Foreign Minister of North Korea speak at U.N. If he echoes thoughts of Little Rocket Man, they won't be around much longer!”, it increased tensions between the two countries, with North Korea weighing whether to take the statement as a declaration of war.

Jackson Shaw, senior director of products for One Identity, said via email that the insufficient protection of Trump's Twitter account points to potentially endemic security oversights at the company. Also, given password reuse, which the president may or may not be guilty of, the people with access to his account password could possibly compromise email accounts and more, making for a serious national security risk.

“I'm sure there was no process to take the rogue employee's access away when he or she resigned,” he said. “In fact, I'm sure their access was informally given: ‘Here's the Twitter password’ versus actually granting access by an identity access management or privileged access management system. This goes to show that Twitter and other social media accounts count as privileged accounts and should be treated just as if they are part of a company's most valuable IT assets. Reputation has incalculable value—as shown in this example. It should be protected accordingly.”
