[numberonepal]

Twitter had a FUBAR IT department seriously lacking in fundamentals. Children and criminals were running the IT division of Twitter. 5000+ people had access to live production data/environment. They didn’t even have dev and QA servers or testing data. Developers did their changes DIRECTLY IN PRODUCTION!

Great thread here about it:
https://twitter.com/AvidHalaby/status/1602127460677844993

Twitter Whistleblower Disclosure
https://s3.documentcloud.org/documents/22186683/twitter-whistleblower-disclosure.pdf

[tang-soo]

Twitter Whistleblower Disclosure

https://s3.documentcloud.org/documents/22186683/twitter-whistleblower-disclosure.pdf

I spent a couple of hours reading this - and wow. I work for a well-known company that is extremely proactive about information security so I can appreciate what this stunning document says. Comingled production, dev, and test environments, more than 50% staff with production access, unlicensed software, disabled security software, more than 50% computers without up-to-date security software, no phishing tests performed against employees after they told regulators they did, casual protection of passwords, no automated updates of software and OS, users probably have access to download files or use USB to copy files to and from their devices, no functional backup process for years, no effective disaster recovery plan in place. Those are just a few of the items that made my hair stand on end.

I hope the new ownership can right the ship. He should rehire the whistle-blower - Mudge.