Skip to main content
Ray Bogan Political Correspondent
Share
Tech

Whistleblower Zatko to Senate: Twitter misleads public, has security issues

Ray Bogan Political Correspondent
Share

A former Twitter executive turned whistleblower appeared before the Senate Judiciary Committee and said that the company is misleading the public, lawmakers, regulators and even its own board of directors. Peiter “Mudge” Zatko, Twitter’s former head of security, also said the social media company is more than a decade behind industry security standards putting users’ personal information at risk to hackers.

“It’s not far-fetched to say an employee could take over the accounts of all the senators in this room,” Zatko said during the hearing.

According to Zatko’s testimony, there is also an internal risk from employees who have far too much access to user data. Approximately 4,000 employees, about half of the total, have access to personal data.

Twitter leadership has refused to make the tough but necessary changes to create a secure platform. Instead, Twitter leadership has repeatedly covered up its security failures by duping regulators and lying to users and investors,” Zatko said.

As an example, Zatko said another C-suite executive asked him to check into a user they thought posed a risk. Zatko said he asked a staff member to look into the user, and the staffer figured out the user’s name, address and current location in ten minutes.

Zatko also described a company that prioritizes profits over security. He testified that Twitter breaks its own policy by allowing organizations associated with the Chinese government to advertise on the site, which could put user information at risk.

“The executive in charge of sales very shortly after I joined said, ‘Mudge, this is a big internal conundrum because we’re making too much money from these sales. We’re not going to stop. We need something that will make the employees feel comfortable with the fact that we’re doing this’,” Zatko told the committee.

Ahead of the hearing, Chairman Dick Durbin, D-Ill., and Ranking Member Chuck Grassley, R-Iowa, sent a letter to Twitter’s CEO, Parag Agrawal, requesting more information about Twitter’s data protection policies.

The letter cited a Twitter employee who was convicted last month of working as an unregistered foreign agent for the Kingdom of Saudi Arabia. The defendant accepted payments in exchange for accessing and providing the private information of Twitter users to members of the Saudi Royal family and other Saudi officials.

The letter also asked Agrawal to address an accusation that the company misled the FTC about deleting the data of people who left the site and the number of access control related security incidents that have occurred over the last two years.

Agrawal was invited to testify but declined, stating testimony could impact Twitter’s ongoing litigation with Elon Musk.

A former Twitter executive turned whistleblower appeared before the Senate Judiciary Committee to say the social media company is more than a decade behind industry security standards and that puts users’ personal information at risk to hackers. 

Mudge: It’s not far-fetched to say an employee could take over the accounts of all the senators in this room.

Zatko, who goes by Mudge, says there’s also an internal risk from employees who have far too much access to user data. This is what he says happened when he asked a staff member to check on a specific user.

Mudge: “It only took that person 10 minutes to get back to me and said here’s who they are, this is the address where they live, this is where they are physically at this moment,

Mudge also described a company that prioritizes profits over security.  He testified Twitter breaks its own policy by allowing organizations associated with the Chinese government to advertise on the site, which could put user information at risk.

Zatko: “The executive in charge of sales came to me and said Mudge it’s a big internal conundrum because we’re making too much money from these sales. We’re not going to stop. We need something to make employees comfortable with the fact that we’re doing this.” 

Ahead of the hearing the Chairman and Ranking member of the committee sent a letter to Twitter’s CEO Parag Agrawal requesting more information about Twitter’s data protection policies.

Agrawal was invited to testify, but declined saying it could impact Twitter’s ongoing litigation with Elon Musk. Straight from DC, I’m Ray Bogan.