Peter Zatko, Twitter’s former head of information security, told members of the US Senate Judiciary Committee on Tuesday that the social network is sacrificing security for profit — which could put user information “in the wrong hands.”
As Zatko put it, it would not be a gross exaggeration to say that a company employee could gain control of the accounts of every senator present at the hearing. Reports of Zatko's intention to cooperate with the authorities first surfaced about a month ago. In his view, Twitter lacks basic protective measures, and employees have practically unrestricted access to user data. According to him, an agent of a foreign intelligence service was also among those employees. Zatko's statements have fuelled numerous speculations, both from officials and from the lawyers of Elon Musk, who is seeking to back out of acquiring the social network after his hasty announcement of the purchase.
Twitter disputed the former employee's account, arguing that the company controls access to data, vets its staff and regularly monitors its security systems, and that Zatko's testimony is riddled with inaccuracies.
According to the former executive, Twitter's systems are so disorganised that the platform cannot say for certain whether any given piece of data has been permanently deleted: Twitter simply does not know where all of its information is stored or what kind of data it holds. As a result, the company is unable to protect that data effectively. Zatko also explained that Twitter does not even have a staging environment for testing updates before they reach production, which makes bugs and other problems far more likely.
In addition, Zatko said that Twitter employees have far more access to data than they should. "It doesn't matter who has the keys if you don't have locks on the doors," he said. According to the former head of information security, far fewer people should have such access than do today, because this kind of negligence opens up wide opportunities for bribery and hacking.
Another important point is Twitter's lack of concern about liability to US regulators. According to Peter Zatko, one-off fines are not enough to make the company adopt stricter information security practices, even when such a fine runs to hundreds of millions of dollars. That would require tighter, targeted external oversight.
Despite the vulnerabilities, Zatko and other experts stress that users do not need to delete their accounts: in today's reality, social networks have become a kind of "town square" and serve the common good, and giving them up entirely is hardly realistic.