Twitter did not reveal whether the attackers had to trick employees into giving up only passwords or if their accounts were also protected with Multi-Factor Authentication (MFA). Implementing MFA, even for accounts accessed from an internal network, makes it much more difficult for attackers to gain control. Attacks that target employees through social engineering, whether it involves email, phone calls, USB drives sent through the mail, or even in-person entries into company properties can be just as devastating as a trusted insider going rogue or bribes paid to employees to participate in a coordinated scheme. The best security controls to help detect and quickly stop the damage from such insider attacks include detailed auditing and role-based behavior anomaly detection, as well as reporting from vigilant employees who are trained to recognize and report suspicious behavior. Using security monitoring systems that build a baseline for what employees in particular roles usually do and then alerts on abnormal patterns of access or use of applications can go a long way to recognize and investigate potential attacks in the early stages. The Twitter blog posts about the incident can be found here: https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html