independent security researcher Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, weren’t properly secured behind the company’s Cloudflare DDoS protection and were publicly visible. As a result, attackers could target them directly
oops
I wonder if the security team that left twitter en-masse would have discovered this before the hackers did? Oh well.