Twitter has serious problems, according to new testimony from the company’s former security chief, Peter “Mudge” Zatko, who came forward as a whistleblower in August. The central issue: the sensitive personal data of its 400 million users is at risk, he says.
During a bipartisan hearing before the US Senate Judiciary Committee on Tuesday, Zatko shared new details about his earlier claim that about 50 percent of Twitter’s more than 7,000 employees could potentially access any user’s personal information, including their address, phone numbers and even their current physical location. Although Twitter has a policy against employees inappropriately accessing data, Zatko argues that there is not enough technology in place to prevent them from doing so. If true, this poses a serious security concern for Twitter’s more than 400 million users – including high-profile world leaders, journalists and activists.
“I’m here today because Twitter’s leadership is misleading the public, lawmakers, regulators and even its own board of directors,” said Zatko, who headed Twitter’s security department from November 2020 to January 2022. “The company’s cybersecurity failures make it vulnerable to exploitation, causing real harm to real people.”
Zatko’s testimony comes a few weeks after his whistleblower complaint, filed with the SEC, was made public.
Twitter did not respond to a request for comment after the hearing, but the company has previously described Zatko as a disgruntled ex-employee who is promoting a “fake story which is riddled with inconsistencies and inaccuracies” about the company after he was fired for “ineffective leadership and poor performance”. In June, the company agreed to pay about $7 million in a settlement with Zatko, a few days before he filed his whistleblower complaint.
According to Zatko, Twitter’s weak technical infrastructure exposes the personal information of its users. At many technology companies, engineers work in a test environment, where there is no real user data and where they are free to experiment with new features and changes. But at Twitter, Zatko said, the company allows all of its engineers access to its “production environment,” or the actual product, giving them access to real user data.
“This is unusual; this is an exception to the norm. Most companies will have a place where you test your software,” said Zatko, whose concern is that anyone with access to Twitter’s production environment — which he estimates is half the company — “could root” to find people’s personal information and “use them for his own purposes.”
The issue of employee access to user data is just one example in Zatko’s portrait of a company that he says “lead[s] from fire to fire” instead of addressing long-standing technical vulnerabilities that put users at risk.
“It’s a culture where they don’t prioritize. They are only able to focus on one crisis at a time,” said Zatko. “And that crisis is not over. It was simply replaced by a new crisis.”
The biggest crisis at Twitter right now is the uncertainty over who will ultimately own the company. In April, Elon Musk offered to buy Twitter for $44 billion, only to back out of his offer shortly thereafter.
Musk claimed that Twitter executives did not respond to his requests for information about spam bots and other problems with the platform, which he claims made his bid to buy the company obsolete. Twitter is suing Musk in an attempt to force him into the deal. Now, Zatko’s claims could be convenient fodder for Musk to get out of the Twitter deal, bolstering his claim that the company hasn’t disclosed the full extent of its problems. Musk subpoenaed Zatko as part of his legal defense against Twitter.
But regardless of Zatko’s motives or how Musk’s legal team might use his testimony to their advantage, if what the former employee says is true, it reveals a potentially serious breach of duty by Twitter to nearly half a billion users.
At Wednesday’s hearing, Zatko also shared more details about foreign agents who allegedly infiltrated Twitter’s staff to potentially collect private user data or gain insight into Twitter’s operations. Zatko said “at least” one foreign agent from China is suspected to be working at the company, raising serious national security concerns. Twitter has previously come under fire for hiring two employees who allegedly spied on local dissidents on behalf of the Saudi Arabian government; one of those employees was convicted on espionage charges in US federal court in August. Zatko also wrote in his complaint that Twitter was pressured to put an Indian foreign agent on its payroll to appease the government there.
Zatko said that at one point, when he alerted a senior executive about another suspected foreign agent working for the company, they responded, “Well, since we already have one, we better have more. Let’s continue to grow the office.”
Senators on both sides of the aisle have been largely supportive of Zatko, who, like Facebook whistleblower Frances Haugen, was described as fulfilling a patriotic duty to uncover the truth about how influential tech corporations are run. The senators continued to show their partisan divide on the issues they raised about Twitter, with some Democrats criticizing Twitter’s handling of misinformation and Republicans questioning whether the company censors conservative speech.
Overall, though, the hearing remained relatively focused on security issues.
“Based on your findings, it appears to me that Twitter’s CEO is more concerned with increasing influence and profits from foreign countries than protecting user data from foreign spies or hackers,” Sen. Mike Lee (R-UT) said at the hearing Tuesday.
Sen. Chuck Grassley (R-IA), who opened the hearing along with Sen. Dick Durbin (D-IL), shared his disappointment that Twitter CEO Parag Agrawal declined an invitation to speak at the hearing out of concern that it could harm the company’s ongoing litigation with Elon Musk.
“If these allegations are true, I don’t see how Mr. Agrawal can continue to hold his position on Twitter,” Senator Grassley said.
Sen. Amy Klobuchar (D-MN), who is trying to pass antitrust legislation targeting tech companies, said during Tuesday’s hearing that Congress has held dozens of hearings on big tech regulation over the past few years but has yet to pass any legislation on the issue. Klobuchar and other senators also called for more funding for the Federal Trade Commission to better enable it to enforce penalties against Twitter and other tech companies. But that hasn’t happened either.
Regardless of whether Congress takes further action or not, Twitter’s problems will continue to play out in the Twitter vs. Elon Musk trial, which is scheduled to begin next month in Delaware Court.