Twitter’s former head of security, Peiter Zatko blew the whistle on his employer and revealed some major security threats in the platform’s operation.
In his testimony to the Senate Judiciary Committee on Tuesday, Zatko revealed that he has seen private message boards of Twitter employees offering to sell Twitter user data to foreign entities.
Zatko first came to congress back in July with allegations that Twitter employees had access to sensitive data of users without proper oversight. He had also made allegations of involvement of foreign spies within the company.
According to Zatko, Twitter collects the following data of all its userbase: “the phone number, the latest IP address they have connected from, the current email, how long have they been using that email account, what are their prior emails, where do we think they live, where do we think they are connected from right now, are they still connected or actively using the information, what type of device are they connected with, what type of web browser are they using, which brand is it, possibly which computer, what language did they connect in?” And other sensitive information, Zatko explained to Louisiana Republican Senator John Kennedy.
Almost any engineer working at Twitter can access that information, without proper oversight, he alleged.
“So this engineer, who can secretly go into Sen. Grassley’s account and get all this information, Twitter has no idea what the hell that engineer is going to do with that information?” Sen. Kennedy asked. “So that engineer at Twitter could sell it, for example, couldn’t he?”
“I’ve seen numerous accounts on underground forums offering to sell such access, whether those accounts are valid or not. But I’ve seen the offers to sell access to accounts, to delete accounts, to un-ban accounts,” Zatko responded.
“That engineer could just call one of his buddies and say, ‘hey, you don’t like Sen. Grassley. Let me give you some information here and you can use it against him.’ Could that happen?” Kennedy continued.
“With the access that they have,” Zatko noted.
“Would Twitter know that they did that?” Kennedy followed up.
“Not necessarily,” Zatko acknowledged.
Today, I was told that half of Twitter’s employees have access to sensitive information on individual users that they could use and abuse.
Twitter’s board was warned about this danger, but they apparently have “other priorities” . . . like hiring foreign spies. pic.twitter.com/plwFoeIsdd
— John Kennedy (@SenJohnKennedy) September 13, 2022
Zatko also expressed concerns about Chinese spies operating in the company. Iowa Republican Senator and Judiciary Committee ranking member, Senator Chuck Grassley said in his opening remarks that a former Twitter accounts manager, Ahmad Abouam was a Saudi foreign agent and he never disclosed his identity to either the company.
What do you make of Peter Zatko allegations against his former employer? Share e your thoughts in our Facebook comments!