Of course it was a surprise to log onto Twitter two weeks ago to find that over a hundred accounts had been hijacked, but sadly, hacking is so commonplace today--even of large companies that hold vast quantities of personal information--that it's only somewhat interesting.
Most people kept tweeting, with only cursory reminders and jokes about passwords and password managers. And after the hack was brought under control, activity returned mostly back to normal.
Twitter's statement indicates the hacker got access to the tools used to access the accounts that were hacked via a social engineering scam that involved employees. Apparently, over 1,000 employees at Twitter had access to these tools. There are several facts still in question.
One is why over a thousand employees had access to tools that allow such control over the company's user-facing system, and whether their use of these tools is audited, as is common practice.
A second is how the alleged social engineering took place.
But that's not the point.