Twitter

A bug in Twitter about how it handles password reminders allowed users to take control of other accounts such as @emoji and @god.

Usually, when a user requested a password reset, Twitter would partially mask the associated email address with asterisks; during this incident it displayed the full email address tied to the account instead.

This allowed hackers to hijack many accounts and tweet on their behalf, but the majority of the accounts that were taken over were soon restored to normal.

Source: https://blog.itgovernance.co.uk/blog/god-and-emoji-hacked-in-twitter-bug

TPRM report: https://scoringcyber.rankiteo.com/company/twitter

{
  "id": "twi13217522",
  "linkid": "twitter",
  "type": "Vulnerability",
  "date": "02/2016",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Twitter',
                        'type': 'Social Media Platform'}],
 'attack_vector': 'Password Reset Exploit',
 'data_breach': {'personally_identifiable_information': 'Email Addresses',
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': 'Email Addresses'},
 'description': "A bug in Twitter's password reminder system allowed users to "
                'take control of other accounts by displaying the full email '
                'address tied to the account.',
 'impact': {'brand_reputation_impact': 'Negative',
            'systems_affected': 'Twitter Accounts'},
 'lessons_learned': 'Ensure proper masking of sensitive information in '
                    'password reset processes.',
 'motivation': 'Account Takeover',
 'post_incident_analysis': {'corrective_actions': 'Fix the bug and restore '
                                                  'affected accounts',
                            'root_causes': 'Bug in password reminder system'},
 'recommendations': 'Implement robust security measures to prevent '
                    'unauthorized access to account information.',
 'response': {'remediation_measures': 'Restored affected accounts to normal'},
 'threat_actor': 'Hackers',
 'title': 'Twitter Password Reset Vulnerability',
 'type': 'Account Takeover',
 'vulnerability_exploited': 'Password reminder bug'}