No, according to The Block, @elonmusk repeatedly tweeted the scam at 4:17pm, 5:19pm, and 5:32pm, a span of 90 minutes, and the final scam tweet was at 6:05pm from @KimKardashian.
An hour after @elonmusk's first scam tweet, 7 celebrity or corporate accounts had tweeted the scam, all with the same Bitcoin address. With the two-click system I described, how many compromised admin accounts would you expect the security team to have been able to suspend by then?
8 more celebrity accounts went on to tweet the scam, plus @elonmusk and @kanyewest repeating the scam tweets.
If your database system doesn't have a complete audit log of all fields (most databases have this capability, but more often than not it's disabled), it's possible that the mere act of reverting account ownership might remove data needed for tracing down what happened.
Sure, it's a sucky position to be in, but I can see why they might have been hesitant to dive right in and start trying to undo damage before understanding what had happened.
Replication logs (WAL logs in postgres) contain a complete list of changes to every field. Most big companies keep them as part of a backup strategy. But most wouldn't have the tooling to inspect the logs and see exactly which change was made when during an incident.
An hour after @elonmusk's first scam tweet, 7 celebrity or corporate accounts had tweeted the scam, all with the same Bitcoin address. With the two-click system I described, how many compromised admin accounts would you expect the security team to have been able to suspend by then?
8 more celebrity accounts went on to tweet the scam, plus @elonmusk and @kanyewest repeating the scam tweets.
https://www.theblockcrypto.com/post/71906/twitter-account-ha...