Former Twitter security chief Peiter Zatko said the company was “misleading the public” about the platform’s real security.
Speaking to US senators on Tuesday, September 13, Zatko claimed Twitter was “a decade behind” on security standards because user data is not sufficiently protected and too many employees have access to it.
Zatko was testifying following an 84-page whistleblower complaint he filed about security practices within the social network.
He also said the “one-time fines” imposed by regulators for breaching data protection rules “didn’t bother Twitter at all.”
Zatko was fired by Twitter in January, and Twitter has previously denied his allegations.
However, his allegations could also serve as ammunition for the world’s richest man, Elon Musk, who is embroiled in a billion-dollar takeover lawsuit with Twitter. Zatko also claimed that Twitter has too many bot accounts and refused to let him know how many fake accounts there are on the platform.
In his damning testimony on Tuesday, Zatko described Twitter as an organization prioritizing revenue generation above all else.
At the start of the hearing, he said his role as a whistleblower was not a decision he took lightly.
“I’m risking my career and my reputation…if something good comes out of it in five or ten years, it will be worth it,” he said, fighting back tears.
The whistleblower said people’s personal information, such as their phone number, IP address (from which a physical address could potentially be found), email address, device type, browser type, and the location from which a user logged in, could allow an individual to be targeted in the real world.
During questioning, Zatko said employees raised concerns with him that Twitter was running ads from “organizations that may or may not be associated with the Chinese government,” a potential national security risk.
When he raised his concerns with Twitter executives, he was told it would be “problematic” to lose that revenue stream, he said.
He also said he was troubled by Twitter’s attitude to other national security issues he had raised, saying that “half the company” was made up of engineers and that they all had access to users’ personal information.
He believed that around 4,000 employees had access to this data and that rogue employees had the power to take information without a trace.
He said Twitter does not log the activity of employees who access private data, which surprised him, and that there was a danger that employees could “dox” users, a practice in which private information is posted online.
He also said Twitter’s security systems made it difficult to monitor potential espionage, and revealed that an Indian spy had been employed by the company.
Zatko was personally hired by Twitter co-founder and former CEO Jack Dorsey after a high-profile attack on the platform’s celebrity accounts.
Zatko previously worked for the US government and Google.
“I’m here today because Twitter’s management is misleading the public, lawmakers, regulators, and even its own board.”
WATCH: Twitter Whistleblower Peiter “Mudge” Zatko completes the opening statement. pic.twitter.com/dq6gJCrd3x
— CSPAN (@cspan) September 13, 2022
Why would Twitter refuse to remove sexually explicit content from underage children or prevent foreign agents from infiltrating the company?
The FTC must investigate Mr. Zatko’s claims to ensure Twitter is held accountable. pic.twitter.com/q0ZlHbZbxO
— Senator Marsha Blackburn (@MarshaBlackburn) September 13, 2022