
Twitter's clumsy response to hack raises questions about Jack Dorsey's role - rmason
https://www.cnet.com/news/twitters-clumsy-response-to-hack-raises-questions-about-jack-dorseys-role/
======
olliej
Honestly, I didn't think it was a clumsy response. It seems perfectly
reasonable:

* First they clearly assumed it was a limited number of accounts that were compromised, so they went after single accounts.

* Once they realized there was a bigger problem, they locked down the high-value (for this kind of scam) accounts.

* Then they went for a high-level filter so the same scam couldn't appear on any other accounts while they worked out what happened.

* They didn't re-enable the locked accounts until they had a handle on, and presumably control of, the attack.

This seems like a reasonable response, and the time between when it started,
to when they stopped it, to when they restored service all seemed absolutely
fine. It speaks somewhat to a lack of sufficient access control limits, but
there are very few companies that can guarantee that their access control divisions
are perfect.

