
I’d have to imagine this is very common, and they’ve probably got one at all the big tech companies. It’s an underreported threat IMO. Who would say no to doubling their salary in exchange for running the occasional DB query for their home country?


I expect a lot of people would say no to that and report the attempt to company security.

Of course, if I'm China, I can try it with enough people to get several assets.

Also, if the offer includes "we won't kill your grandma", uptake might be higher.


> I expect a lot of people would say no to that and report the attempt to company security.

Turning someone is rarely an upfront request.

You make friends with them and make small talk about politics to see if there are any sympathies to your cause.

Ask for a small favor and see if they'll do it, then progress slowly. You only ask them to break the law once they're already on your side.


And if a little persuasion was needed, the folder with evidence of the asset's secrets that would turn their life upside down if revealed. Ideally real secrets, but these days made-up ones are probably as effective.


Motives for spying are varied: https://en.wikipedia.org/wiki/Motives_for_spying

> MICE: Money, Ideology, Compromise, and Ego or Extortion (depending on source)

> RASCLS: Reciprocation, Authority, Scarcity, Commitment and Consistency, Liking, and Social Proof.


Social engineering at its finest.


Also common spy recruitment tactic.


Oh boy, I’d encourage you to work in government for a year or two. I did IT for a government department that eventually wound up being investigated for letting the Taliban use their equipment (all I did was help them troubleshoot run of the mill PC issues FWIW). I personally know someone who had root access to a government land auction DB. Someone asked them to run “off the book” queries in exchange for looking the other way if said DBA wanted to run their own unaudited queries.


At competent companies -- I make no claim about Twitter here, but certainly at Google or at my employer -- it is extremely uncommon to have access to that database. All requests to access are logged and individually permissioned. Asking to access without a good reason, such as attachment to an active customer ticket, etc -- will get a hard no.


But at the same time, there's usually a way round it. For example, break the account in some way so the user opens a ticket, then grab the ticket and dump the whole contents of the account to 'debug'.
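The two comments above describe a control (every lookup logged and tied to a ticket) and its bypass (a legitimate ticket used to read far more than the ticket justifies). The following is an added example, not code from the thread or from any company's tooling, of an audit pass over constructed access records that flags lookups with no ticket, lookups outside the ticket's account, and "debug" reads whose tables or row counts look like a dump. Field names, table names and the row threshold are assumptions.

```python
"""Audit review for ticket-gated support access (added example).

Each Access is one read against a user-data store by a support engineer.
Records below are constructed for illustration; field names are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Access:
    actor: str
    ticket: Optional[str]            # ticket attached to the lookup, None if absent
    ticket_subject: Optional[str]    # account that opened the ticket
    accounts_read: Tuple[str, ...]   # accounts whose data was returned
    tables: Tuple[str, ...]          # tables touched by the query
    rows: int                        # rows returned

# Tables a routine "can't log in" debug session needs (assumption).
DEBUG_TABLES = {"login_events", "account_status"}
ROW_CAP = 200  # above this a "debug" read starts to look like a dump (assumption)

def review(accesses: List[Access]):
    """Return (actor, ticket, reasons) for every access that exceeds its ticket."""
    findings = []
    for a in accesses:
        reasons = []
        if a.ticket is None:
            reasons.append("no ticket attached")
        elif set(a.accounts_read) - {a.ticket_subject}:
            # Ticket covers one account; anything else read is out of scope.
            reasons.append("read accounts outside ticket scope")
        extra = sorted(set(a.tables) - DEBUG_TABLES)
        if extra:
            reasons.append("tables beyond debug need: " + ",".join(extra))
        if a.rows > ROW_CAP:
            reasons.append(f"{a.rows} rows returned")
        if reasons:
            findings.append((a.actor, a.ticket, reasons))
    return findings

# Constructed sample: one clean lookup and three that should be flagged.
SAMPLE = [
    Access("alice", "T-100", "acct-1", ("acct-1",), ("login_events",), 12),
    Access("bob", "T-101", "acct-2", ("acct-2",),
           ("login_events", "account_status", "dms", "ip_history"), 48000),
    Access("carol", None, None, ("acct-3",), ("account_status",), 3),
    Access("dave", "T-102", "acct-4", ("acct-4", "acct-5"), ("login_events",), 20),
]

if __name__ == "__main__":
    for actor, ticket, reasons in review(SAMPLE):
        print(actor, ticket, "; ".join(reasons))
```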


Who watches the watchers?


Doubling their salary? People have sold secret classified data for just thousands of dollars worth of gift cards.


At a public company like Twitter, for SOX compliance reasons, it will be very difficult to find someone that has such permissions, and running anything unusual can be easily found by auditing. I'd stop with the conspiracy theories.


https://www.washingtonpost.com/national-security/former-twit...

In general, most companies want to scope SOX as narrowly as possible. So if you can, only things that your auditors think will affect revenue reporting.

Querying ads performance data? Sure, we'll SOXify it. Querying user accounts writ large? "Meh, our engineers need to be productive."


SOX doesn't really stop this kind of prying, and it has happened in the past.

https://www.npr.org/2019/11/07/777352750/how-saudi-arabia-us...


SOX is about financial compliance. It is not a computer security standard.

I’ve worked for lots of SOX companies as a third party and had root/sqlplus on most of them. There’s really no relationship between SOX and security.


There are always weaknesses and internal vulnerabilities in every system.

If it was from the inside more likely a privileged user was compromised. It could also explain why Twitter is being quiet, especially if the investigation is ongoing.


Anyone who isn't stupid. Considering how many big corporations have ties with government agencies, if you try to pull something like that and you get caught you could easily be charged with espionage.


Even people with large IQs can be 'temporarily' stupid. Hence the term "lapse in judgement." Somebody who's intelligent but lets their ego run wild might believe they're too smart to get caught.


Why go to all that trouble? Why not just send their version of a National Security Letter?



