Twitter can’t protect users’ data, former CISO alleges

Share post:

Twitter’s former chief information security officer (CISO) leveled a series of serious accusations against his former employer in testimony before U.S. Congress, including allegations that foreign agents from India and China worked for the company, and that Twitter executives mislead the public and regulators on data security.

“First, they don’t know what data they have, where it lives, or where it came from, and so, unsurprisingly, they can’t protect it,” Peiter Zatko told the Senate judiciary committee on Tuesday. “That leads to the second problem: employees need to have too much access to too much data on too many systems.”

He joined the company in November 2020. Twitter says he was fired in January for “ineffective leadership and poor performance.”

Zatko was quoted by SC Media as saying Twitter’s data infrastructure is so decentralized that not even leadership knows all the data the company collects or where it’s stored. When he brought those concerns to Twitter’s leadership, he claimed their incentive structure led them to prioritize “profits over security.”

The news site The Record quoted him saying roughly half of Twitter employees are engineers who have vast practical access to the company’s systems. However, those systems often lack logging capabilities, so it can be hard to track if someone — such as an agent of a foreign government — inappropriately accesses information.

Several news agencies noted that Twitter has been under a consent decree with the U.S. Federal Trade Commission since 2011 because of several data security incidents. As recently as May, Twitter settled a civil complaint from the agency accusing the company of violating that order by collecting phone numbers of users for account security purposes, then using them to target advertising. The company agreed to pay a US$150 million fine.

In response to the allegations, Agence France Press and others noted that in a statement, Twitter said its hiring process is “independent of any foreign influence” and access to data is managed through a host of measures, including background checks, access controls, and monitoring and detection systems and processes.

The Reuters news agency noted many of the allegations are uncorroborated and have little documentary support.

Zatko was emphatic. “It’s not far-fetched to say that an employee at the company could take over the accounts of all of the senators in this room,” he was quoted as saying. “Given the real harm to users and national security, I determined it was necessary to take on the professional and personal risk to myself and my family of becoming a whistleblower.”

The testimony comes as the U.S. House of Representatives is dealing with a bipartisan federal privacy bill.

The post Twitter can’t protect users’ data, former CISO alleges first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways