- by theguardian
- 21 Sep 2023
A Twitter whistleblower who accused the company of "egregious" security deficiencies testified in front of Congress on Tuesday, alleging those failures made the platform vulnerable to exploitation, including by foreign agents.
Former hacker Peiter "Mudge" Zatko worked as head of security at Twitter from 2020 until he was fired in 2022, and says in that time he witnessed "extreme, egregious deficiencies by Twitter in every area of his mandate".
"I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors," Zatko said as he began his sworn testimony. "They don't know what data they have, where it lives and where it came from and so, unsurprisingly, they can't protect it," Zatko said. "It doesn't matter who has keys if there are no locks."
Zatko filed a whistleblower complaint in July with Congress, the justice department, the Federal Trade Commission and the Securities and Exchange Commission alleging that Twitter misled regulators and the public about its safety practices.
At the hearing on Tuesday, he detailed those claims, saying that Twitter runs out-of-date and vulnerable software on more than half of its data center servers. He summarized concerns into two main categories: the company does not know enough about its own data, and employees have too much access to data.
"It's not an exaggeration that any employee could take over the accounts of any senator in this room," he said.
Zatko alleged that Twitter was breached by foreign intelligence agencies in "multiple episodes".