Musk’s Twitter still has a ‘GodMode’ that allows any engineer to tweet from any account, claims whistleblower

Alice Hearing
·2 min read
2
  • Oops!
    Something went wrong.
    Please try again later.

A new Twitter whistleblower has highlighted a serious ongoing security concern that the social media company claimed it fixed back in 2020.

The former employee claims that current staff still have access to “GodMode,” an internal setting that allows engineers at the company to access and post from any Twitter account, in a warning to members of Congress and the Federal Trade Commission and reported by the Washington Post.

The whistleblower said the function was originally intended to enable employees to tweet on behalf of advertisers that weren’t able to do so themselves, and, following previous controversy, it was renamed “privileged mode.”

Prior to Elon Musk’s takeover, Twitter’s privacy protections drew heavy criticism in 2020 when a group of teenagers hacked into the systems and tweeted from high-profile, verified accounts including those of Barack Obama, Joe Biden, and Musk himself.

At the time, Twitter said that it had repaired glitches and had restricted use of such functions. Now, little more than three months into Musk’s leadership, several former employees who recently left reportedly say security concerns are worse.

GodMode is still available to any engineer who requests access or to anyone familiar with the vulnerability, the new whistleblower said. Changes made couldn’t be traced back to the person who used the mode, the whistleblower added.

“Think before you do this”

According to the Post, the former employee demonstrated that someone with access (such as a Twitter engineer) could activate the function by changing one line of code from “FALSE” to “TRUE.”

Further screenshots reportedly showed that in the program line where those with access could delete tweets, a comment read in all caps: “THINK BEFORE YOU DO THIS.”

The whistleblower pointed out that GodMode could also be used by anyone who managed to hack into an engineer’s computer, and that engineers’ computers have been compromised before.

“The existence of GodMode is one more example that Twitter’s public statements to users and investors were false and/or misleading,” the complaint reads.

“Our client has a reasonable belief that the evidence in this disclosure demonstrates legal violations by Twitter.”

This is not the first time the issue has been brought up. Another complaint of a similar nature was filed by Whistleblower Aid in October with the FTC, which is still investigating the matter.

Twitter did not immediately respond to Fortune‘s request for comment outside of U.S. work hours.

This story was originally featured on Fortune.com

More from Fortune:
Olympic legend Usain Bolt lost $12 million in savings to a scam. Only $12,000 remains in his account
Meghan Markle’s real sin that the British public can’t forgive–and Americans can’t understand
‘It just doesn’t work.’ The world’s best restaurant is shutting down as its owner calls the modern fine dining model ‘unsustainable’
Bob Iger just put his foot down and told Disney employees to come back into the office