Yeah, response time might be slower in the middle of the night, but a falsified tweet on a celebrity account in the middle of the night is also likely proportionally less damaging.
Response time during lunch hour might be slower initially, but after responding to the first compromised account I don't think they'd be any slower.
If an admin account is only supposed to be for use by a human employee, it should have a rate-limit tripwire that automatically suspends the account and alerts the security team.
> ... a falsified tweet on a celebrity account ...
A Hollywood celebrity? A bay area techbro "celebrity"? Or a Bollywood celebrity? Or a British Royal family celebrity? Or a KPop celebrity? Or a Russian oligarch celebrity?
The middle of who's night??? Twitter does exist on the other side of the Bay Bridge you know...
> Just target the attack in the middle of the night
Define 'middle of the night'. Is that Eastern US, Western US, GMT, or CET?
If I assume it's 2 AM pacific (since Twitter HQ is in SF), that's 11 AM in most of Europe, which makes it middle of the day for about 700 million Europeans, many of whom speak English and are interested in US celebrities. And that's still ignoring the majority of the World.
Anything on the internet is 24/7. Musk regularly tweets in the 'middle of the night' and I see those tweets come in while drinking a cup of coffee.
Also, Twitter has offices around the world and people don't collectively log out for lunch at a specific time, so there should always be people available to handle this type of incident. Provided they get the training and tools to do so.
Furthermore, the next attack will probably be automated and be against far, far more accounts.