Twitter’s former head of security, Peiter Zatko, says the firm is “misleading the public” about how secure the platform really is.
Speaking to US senators on Tuesday, September 13, Zatko claimed Twitter was “a decade behind” security standards as users’ data are not sufficiently protected and that too many staff have access to it.
Zatko was giving evidence following an 84-page whistleblowing complaint he made about security practices inside the social network.
He also said “one-time fines” imposed by regulators over breaches of rules on data protection “didn’t bother Twitter at all”.
Zatko was fired by Twitter in January, and Twitter has previously denied his allegations.
However, his allegations could also serve as ammunition for the world’s richest man, Elon Musk, who is engaged in a billion-dollar takeover lawsuit with Twitter. Zatko also claimed that Twitter has too many bot accounts and refused to tell him the number of fake accounts on the platform.
In his damning testimony on Tuesday, Zatko described Twitter as an organisation prioritising revenue generation above everything else.
At the start of the hearing he said his role as a whistleblower was not a decision he had taken lightly.
“I’m risking my career and reputation… if something good comes out of it five or ten years down the line, it will be worth it,” he said while holding back tears.
The whistleblower said that personal information such as a user’s phone number, IP address (from which a physical address could potentially be found), email address, device type, browser type and the location they connected from could enable an individual to be targeted in the real world.
During his questioning, Zatko said that employees had expressed concerns to him that Twitter was carrying advertising from “organisations which may or may not be associated with the Chinese government”, a potential national security risk.
When he raised concerns with Twitter executives he was told it would be “problematic” to lose that revenue stream, he said.
He also said he was troubled by Twitter’s attitude to other national security issues he had raised, saying “half the company” were engineers and they all had access to users’ personal information.
He believed around 4,000 employees had access to this data and that rogue employees had the power to take information without leaving a trace.
He said Twitter does not log the activity of employees who access private data, which surprised him, and that there was a danger that employees could “dox” users, that is, post their private information online.
He also said that Twitter’s security systems made it difficult to monitor potential espionage, revealing that an Indian spy had been employed by the company.
Zatko was personally hired by Twitter’s co-founder and former CEO Jack Dorsey, after a high-profile attack on the platform’s celebrity accounts.
Zatko has previously worked for the US government and Google.