Twitter whistleblower Peiter Zatko called the company the wild west of insecure data, with management consistently prioritizing revenue and growing followers over security and privacy.
“Thousands of Twitter employees can access user data they don’t need access to do their job. And if foreign assets are running on Twitter, those foreign assets can also access the data,” he said in testimony before the Senate Judiciary Committee. “An employee can take over the accounts of all the senators in that room.”
Last month, a former Twitter employee was found guilty of spying on Saudi dissidents using the social media platform to pass their personal information to an aide to Crown Prince Mohammed bin Salman.
Zatko, the hacker known as “Mudge” who headed Twitter security until he was fired in early 2022, said some Twitter employees are also concerned that the Chinese government may be collecting user data.
When he first came to Twitter, “there were thousands of failed system access attempts a week that no one noticed,” which surprised management. In general, poor tracking of who logs in or tries to log in “is a holdover [Twitter] are still in development.”
“It’s a culture where they can only focus on one crisis at a time, and that crisis… just gives way to another crisis. I think they would like to wave a magic wand and fix all of these things,” he said, but that will require legwork, time, money and increased transparency.
“If you could properly log, track and determine where the data is, if you knew where everything is in your database, you could absolutely delete it. But it was not a priority compared to other projects such as increasing revenue and users,” he said. He said the service endangered the health and safety of users, as well as national security, and that it misled its own board.
Twitter is currently suing Elon Musk in the Delaware Court of Chancery for terminating a $44 billion deal to buy the company. Tesla’s billionaire founder broke off the engagement in July, before Zatko’s allegations surfaced. In a setback for Twitter, a Court of Chancery judge last week agreed that the Musk camp could use the whistleblower’s complaint in a trial scheduled for next month.
Twitter described Zatko as a disgruntled former employee and said it investigated the concerns he raised at the company and found them unfounded.
Ranking member Senator Chuck Grassley said the Judiciary Committee invited Twitter CEO Parag Agrawal to a hearing today, but the chief refused to appear, saying it would jeopardize the ongoing lawsuit. “It seems more important than Twitter’s civil litigation in Delaware,” Grassley said.
The hearing is ongoing, and KristenBellTattoos.com will be updated. Twitter shareholders are due to vote on the Musk deal in a special meeting at 1:00 pm ET.