A former security chief at Twitter, who issued a whistleblower report about the company, told lawmakers on Tuesday that the platform has serious security and privacy failures that leadership has refused to fix.
Peter “Mudge” Zatko, a cybersecurity expert who served as a Twitter executive from November 2020 until he was fired in January 2022, testified before the Senate Judiciary Committee. He filed a whistleblower complaint with Congress, the Department of Justice, the Federal Trade Commission, and the Securities and Exchange Commission.
“I am here today because I believe that Twitter’s unsafe handling of its users’ data and its inability or unwillingness to truthfully present the issues to its board of directors and regulators has hurt millions of Americans and the American democratic process, and poses a real risk to America’s national security,” Zatko said in his opening statement.
“Furthermore, I believe that Twitter’s desire to intentionally mislead regulatory agencies violates Twitter’s legal obligations and cannot be ethically condoned.”
The cybersecurity expert said he found that Twitter cannot protect its data because the company does not know “what data it has, where it lives and where it came from.” Employees – especially engineers, who make up half of the full-time workforce – have a great deal of access to data. This means any employee can access sensitive information about a Twitter user, including their geographic location and the data needed to directly access their device.
“It doesn’t matter who has the key if you don’t have a lock on the doors,” he said.
Twitter founder Jack Dorsey recruited Zatko to the company after the platform was notoriously hacked by teenagers who took over several high-profile accounts as part of an attempt to defraud Twitter users with bitcoin. After joining, Zatko said he found Twitter had a decade of overdue security problems and that the company repeatedly disclosed “highest-level” failures as a result. When his warnings were ignored, he submitted disclosures to government agencies and regulators.
“Twitter leadership is misleading the public, lawmakers, regulators, and even its own board of directors,” Zatko said, adding that leaders ignored the company’s engineers because “their executive encouragement motivated them to prioritize profits over security.”
The cybersecurity expert’s testimony was similar to that of Facebook whistleblower Frances Haugen, who spoke to lawmakers last year about concerns about platforms choosing profit over security. While Haugen backed up her claims with internal documents, Zatko has yet to provide documentary support.
Twitter called the former executive’s allegations “a false narrative” that is “full of inconsistencies and inaccuracies and lacks significant context.” Chuck Grassley (R-Iowa), ranking member of the committee, said Tuesday that Twitter CEO Parag Agrawal declined to testify at the hearing, citing ongoing legal proceedings with Tesla billionaire Elon Musk.