In yesterday’s massive attack on Twitter, some of the highest-profile accounts on the service, including President Barack Obama, Joe Biden, Elon Musk, and Bill Gates had their accounts hijacked to peddle bitcoin scams. Notably, however, Donald Trump, perhaps the most famous Twitter user of all, was untouched by the attack, and it could be because Twitter has implemented extra protections for his account.
In a deeply-reported article on the attack, The New York Times writes that Trump’s Twitter account has extra protection after “past incidents,” citing two anonymous sources — a senior White House official and a Twitter employee. The New York Times didn’t specify what those past incidents were, but they could refer to the November 2nd, 2017 incident where a rogue employee deactivated Trump’s account on his last day at the company. Trump’s account returned to Twitter 11 minutes later.
A day after the deactivation, Twitter said it had “implemented safeguards to prevent this from happening again.” The company didn’t elaborate further. But The Wall Street Journal reported at the time that Twitter had already limited the number of employees who could access Trump’s account following his inauguration. Those tools typically let employees suspend or deactivate accounts, but don’t let them tweet from those accounts, the WSJ said.
Update: We have implemented safeguards to prevent this from happening again. We won’t be able to share all details about our internal investigation or updates to our security measures, but we take this seriously and our teams are on it. https://t.co/8EfEzHvB7p
— TwitterGov (@TwitterGov) November 3, 2017
Motherboard reported that the people involved in Wednesday’s attack were sharing screenshots of a Twitter admin tool apparently used for the attack. And Twitter itself has said that its own employee systems and tools were compromised. If those are also the same systems that no longer had widespread access to Trump’s account as of 2017, that could have made his account more difficult, if not impossible, to access from the admin tool used by the attackers. It’s also possible that Trump’s account was hardened further after the rogue employee deactivated it in November 2017.
Twitter hasn’t replied to a request for comment, so we can’t exactly be sure that those safeguards are what stopped the attackers from hijacking his account on Tuesday. In fact, it’s not clear that the attackers even tried. Either way, they didn’t get in, and that could have prevented an already very bad situation from getting even worse.