In yesterday’s massive attack on Twitter, some of the most talked-about accounts on the service, including President Barack Obama, Joe Biden, Elon Musk and Bill Gates, had their accounts hijacked to carry out bitcoin scams. In particular, Donald Trump, arguably the most famous Twitter user of all, was unaffected by the attack, and Twitter may have implemented additional protection for his account.
In a deeply reported article in the attack, The New York Times writes that Trump’s Twitter account has additional protection after “past incidents,” citing two anonymous sources: a senior White House official and a Twitter employee. The New York Times did not specify what those previous incidents were, but they could refer to the November 2, 2017 incident where a rogue employee deactivated Trump’s account with the company on his last day. Trump’s account returned to Twitter 11 minutes later.
One day after deactivation Twitter said so “Security measures implemented to prevent this from happening again.” The company did not elaborate further. But The Wall Street Journal reported when Twitter had already limited the number of employees who had access to Trump’s account after his inauguration. Those tools typically let employees suspend or deactivate accounts, but don’t tweet from those accounts, the WSJ said.
Update: We have implemented security measures to prevent this from happening again. We can’t share all the details about our internal investigation or updates to our security measures, but we take it seriously and our teams are working on it. https://t.co/8EfEzHvB7p
– TwitterGov (@TwitterGov) November 3, 2017
Motherboard reported that the people involved in Wednesday’s attack shared screenshots of a Twitter admin tool apparently used for the attack. And Twitter itself has said that its own systems and tools for employees have been compromised. If those are also the same systems that no longer had widespread access to Trump’s account as of 2017, that could have made his account more difficult, if not impossible, through the admin tool used by the attackers. It’s also possible that Trump’s account has further hardened after the rogue employee deactivated it in November 2017.
Twitter has not responded to a request for comment, so we can’t be sure whether those protections prevented attackers from hijacking his account on Tuesday. It is not even clear whether the attackers even tried. Anyway, they didn’t come in and that could have prevented an already very bad situation from getting worse.