Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Musk’s Twitter still has a ‘GodMode’ that allows any engineer to tweet from any account, claims whistleblower

January 25, 2023, 12:49 PM UTC
Twitter logo is displayed on a smartphone with graphics world map on the background.
Twitter is under even more pressure to fix privacy and security issues.
Omar Marques—SOPA Images/LightRocket/Getty Images

A new Twitter whistleblower has highlighted a serious ongoing security concern that the social media company claimed it fixed back in 2020. 

The former employee claims that current staff still have access to “GodMode,” an internal setting that allows engineers at the company to access and post from any Twitter account, in a warning to members of Congress and the Federal Trade Commission and reported by the Washington Post. 

The whistleblower said the function was originally intended to enable employees to tweet on behalf of advertisers that weren’t able to do so themselves, and, following previous controversy, it was renamed “privileged mode.” 

Prior to Elon Musk’s takeover, Twitter’s privacy protections drew heavy criticism in 2020 when a group of teenagers hacked into the systems and tweeted from high-profile, verified accounts including those of Barack Obama, Joe Biden, and Musk himself. 

At the time, Twitter said that it had repaired glitches and had restricted use of such functions. Now, little more than three months into Musk’s leadership, several former employees who recently left reportedly say security concerns are worse. 

GodMode is still available to any engineer who requests access or to anyone familiar with the vulnerability, the new whistleblower said. Changes made couldn’t be traced back to the person who used the mode, the whistleblower added.

“Think before you do this”

According to the Post, the former employee demonstrated that someone with access (such as a Twitter engineer) could activate the function by changing one line of code from “FALSE” to “TRUE.” 

Further screenshots reportedly showed that in the program line where those with access could delete tweets, a comment read in all caps: “THINK BEFORE YOU DO THIS.” 

The whistleblower pointed out that GodMode could also be used by anyone who managed to hack into an engineer’s computer, and that engineers’ computers have been compromised before. 

“The existence of GodMode is one more example that Twitter’s public statements to users and investors were false and/or misleading,” the complaint reads.

“Our client has a reasonable belief that the evidence in this disclosure demonstrates legal violations by Twitter.” 

This is not the first time the issue has been brought up. Another complaint of a similar nature was filed by Whistleblower Aid in October with the FTC, which is still investigating the matter. 

Twitter did not immediately respond to Fortune‘s request for comment outside of U.S. work hours.

Learn how to navigate and strengthen trust in your business with The Trust Factor, a weekly newsletter examining what leaders need to succeed. Sign up here.