Twitter whistleblower, and former head of security, Peiter Zatko, told the US Congress that the platform ignored his security concerns.
Peiter ‘Mudge’ Zatko, former head of security, testified in front of Congress on Tuesday, maintaining that the platform ignored his security concerns and was vulnerable to cyber attacks.
Zatko filed a whistleblower complaint in July with Congress, the justice department, the Federal Trade Commission and the Securities and Exchange Commission, arguing that Twitter misleads regulators and the public about its cybersecurity best practices.
The expert added that ‘any employee could take over the accounts of any senator in this room.’ While serving as head of security for the company, from late 2020 until January 2022, he repeatedly alerted the management of the presence of severe vulnerabilities that could expose the platform to compromise.
“I’m here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko told the hearing.
“They don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it,”
“It’s not an exaggeration that any employee could take over the accounts of any senator in this room,” he said. he added,
The experts explained that the leadership of the company lacked the skills to understand his numerous alerts and put profits as their top priority.
“To put it bluntly, Twitter leadership ignored its engineers because key parts of leadership lacked competence to understand the scope of the problem,” he said.
“But more importantly, their executive incentives led them to prioritize profits over security.”
Zatko also provided a comment on the alleged motivation behind the dispute between Elon Musk and Twitter. The cybersecurity expert explained that Twitter tools and personnel were not sufficient to prevent the use of bots on their platform.
Twitter dismissed Zatko’s complaint as being without merit, the company defined the testimonial of the expert as “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, Twitter)