This si so embarassing and it pointed out that we don't actually need a password. Not your key, not your access should be implemented.
This is no ordinary hack, it's too hard to hack Twitter, and I believe they have enough security to keep people safe. I think someone inside the company did this
No this is a social engineering attack so mostly doesn't matter if you have strong security or not. More likely a breach in human communication protocol and allow hacker to get hold information to log in. Look up their report explains this matter.