Twitter has serious problems, according to new testimony from the company’s former security chief Peiter “Mudge” Zatko, who surfaced as a whistleblower in August. The sensitive personal information of 400 million users is at risk, he said.
At a bipartisan hearing before the U.S. Senate Judiciary Committee on Tuesday, Zatko shared new details about his previous allegations that about 50% of Twitter’s more than 7,000 employees may have access to users’ personal information, including addresses, phone numbers, and even current physical location. Twitter has policies against inappropriate access to data by employees, but Zatko argues that there aren’t enough technical controls to stop employees from inappropriately accessing data. If true, it would be a serious security concern for Twitter’s more than 400 million users, including prominent world leaders, journalists and activists.
Zatko, who led Twitter’s security team from November 2020 to January 2022, said: “Exploit and cause real harm to real people.”
Zatko detailed several other egregious allegations of Twitter’s security flaws in his testimony weeks after the whistleblower complaint he filed with the SEC went public.
Twitter did not respond to a request for comment after the hearing, but the company has described Zatko as a disgruntled ex-employee who is spreading a “false narrative full of contradictions and inaccuracies” after he was fired for his “ineffective leadership” and poor performance. In June, the company agreed to pay about $7 million in a settlement with Zatko, just days before he made the whistleblower disclosure.
According to Zatko, Twitter’s vulnerable technical infrastructure exposes users’ private information. At many technology companies, engineers work in test environments where they have no real user data and are free to experiment with new features and changes. But at Twitter, Zatko said, the company gives every engineer access to the “production environment,” or real product, which lets them access real user data.
“This is strange. This is a standard exception. Most companies have a place to test their software,” Zatko said. His concern is that anyone with access to Twitter’s production environment (which he estimates is half the company) could find people’s personal information and “do it for their own purposes.”
The issue of employee access to user data is just one example of what Zatko describes as a company that goes “from fire to fire, rather than addressing long-standing technical vulnerabilities that put users at risk.”
“It’s a non-prioritization culture. They can only focus on one crisis at a time,” said Zatko. “And that crisis is not over. It will simply be superseded by another.”
Twitter’s most pressing crisis at the moment is the uncertainty about who will ultimately own the company. has been withdrawn.
Musk claims that Twitter executives did not respond to his requests for information about spam bots and other issues with the platform, which he claims means his offer to acquire the company is no longer valid. Twitter is suing Musk to force him to go through with the deal. Now, Zatko’s allegations could prove useful material for Musk to get out of his Twitter deal, backing up his claim that the company has not disclosed the full extent of its issues. Musk has subpoenaed Zatko as part of his legal defense against Twitter.
However, regardless of Zatko’s motives or how Musk’s legal team may use his testimony to their advantage, if the former employee’s statements are true, they could reveal a material breach of Twitter’s duty to its nearly 100 million users.
At Wednesday’s hearing, Zatko also shared details about foreign agents allegedly infiltrating Twitter staff to gather personal information about users and gain insight into Twitter’s operations. Zatko said “at least” one foreign agent from China is suspected of working for the company, raising serious national security concerns. Twitter has previously come under fire for hiring two employees who allegedly spied on local dissidents on behalf of the Saudi government. One of those employees was convicted of espionage charges in a U.S. federal court in August. Zatko wrote in the complaint that Twitter was also pressured to put foreign agents in India on its payroll to appease the Indian government.
Zatko said that at one point, when he alerted senior executives that another suspected foreign agent was working for the company, they responded: “Let your office grow.”
Senators on both sides of the aisle said that Zatko, like Facebook whistleblower Frances Haugen, had done his patriotic duty by revealing the truth about how influential tech companies operate. Senators continued to show partisan disagreement over which issues they raised about Twitter, with some Democrats criticizing Twitter’s handling of misinformation and Republicans questioning whether the company censors conservative speech.
Still, overall, the hearings were relatively focused on the security issues at hand.
Senator Mike Lee (R-Utah) said at the hearing on Tuesday, “Based on your disclosures, Twitter’s CEO is more concerned with foreign influence than protecting user data from foreign spies and hackers. They seem interested in increasing their power and profits.”
Senator Chuck Grassley (R-Iowa), who held the hearing alongside Senator Dick Durbin (D-Illinois), expressed disappointment that Twitter CEO Parag Agrawal declined an invitation to speak at the hearing, citing the ongoing lawsuit with Elon Musk.
“If these allegations are true, I doubt Mr Agrawal will be able to maintain his position at Twitter going forward,” said Senator Grassley.
Sen. Amy Klobuchar (D-Minnesota), who is trying to pass an antitrust law targeting tech companies, said at the hearing Tuesday that Congress has held dozens of hearings on big tech regulation over the past few years and has not yet passed a single bill about the problem. Klobuchar and other senators are also calling for more funding for the Federal Trade Commission to allow it to apply penalties to Twitter and other tech companies. But that’s not happening either.
Whether or not Congress takes further action, the Twitter issue will continue to play out in the Twitter v. Elon Musk trial, which begins next month in the Delaware Court of Chancery.