Social engineering could be very easy from within the US, e.g. if you're the neighbour of a Twitter rep working from home and can talk them into handing you their phone for a few minutes. From outside the US it's much harder, esp since an accent could make social engineering via phone less effective.
If Twitter uses the same 2FA internally as they do for customers it'd be pretty easy to take over a support account if you know of the location of an employee.
If Twitter uses the same 2FA internally as they do for customers it'd be pretty easy to take over a support account if you know of the location of an employee.