A former security chief turned whistleblower at Twitter testified before Senate Judiciary Committee on Tuesday (September 13) about the social media company's security failures. Peiter Zatko said he uncovered serious issues as soon as he joined Twitter in 2020.
"What I discovered when I joined Twitter was this enormously influential company was over a decade behind industry security standards," Zatko said. "The company's cybersecurity failures make it vulnerable to exploitation, causing real harm to real people."
Zatko accused Twitter of failing to abide by the terms of a 2011 settlement with the Federal Trade Commission by lying about its efforts to put stronger security measures in place and protect the privacy of its users.
"It doesn't matter who has keys if you don't have any locks on the doors," he said. "It's not far-fetched to say an employee inside the company could take over the accounts of all the senators in this room."
Zatko said he felt his concerns were not being taken seriously and decided to go public, saying it was "necessary to take on the personal and professional risk to myself and to my family of becoming a whistleblower."
"I did not make my whistleblower disclosures out of spite or to harm Twitter; far from that. I continue to believe in the mission of the company and root for its success. But that success can only happen if the privacy and security of Twitter's users and the public are protected," he said.
Zatko told Senators that Twitter engineers don't understand the data it collects from users, which includes identifying information such as phone numbers and addresses. He said that Twitter doesn't know "why they got it, how it was supposed to be used, when it was supposed to be deleted."
He warned that malicious actors within the company could easily access that data and use it to cause harm to users.
Zatko also voiced concerns that Twitter knew that foreign agents were working for the company but did nothing to stop it. He said that his concerns were dismissed by executives within the company.
"Well, since we already have one, what is the problem if we have more? Let's keep growing the office," Zatko said he was told.