In a press release announcing the decision, Twilio revealed which services Parler was using. This information allowed hackers to deduct that it was possible to create users and verified accounts without actual verification.

With this type of access, newly minted users were able to get behind the login box API used for content delivery. That allowed them to see which users had moderator rights and this in turn allowed them to reset passwords of existing users with simple “forgot password” function. Since Twilio no longer authenticated emails, hackers were able to access admin accounts with ease.