Twitter’s former head of security has come out against his former employer, alleging lax security at all levels of the company that puts users’ data at risk.
According to Peiter “Mudge” Zatko, a retired hacker and cybersecurity specialist, Twitter has vulnerabilities from the top down: half of Twitter’s employees have access to users’ data, company executives failed to safeguard consumers’ private information, and Twitter has permitted government agents into the business.
The whistleblower revealed that when customers delete their Twitter accounts, their user data is often not deleted, and half of the company’s thousands of employees have access to it. According to interviews with Zatko, an alarming number of employees also have access to the platform’s “production environment”, allowing them to make changes to Twitter. The company had no record of who went in or what was changed, something the former hacker said should concern everyone considering events like the Jan. 6 insurrection. A single employee out of thousands who may have been sympathetic to insurrectionists could have tried to manipulate the platform during this time.
“There’s no record of what goes on in prod and who did what,” said Zatko. “That should freak everyone out.”
Zatko said that even if an account is deleted, Twitter still has the data, and any number of employees can access it.
In addition, Zatko claims that Twitter has given government agents access to user data without a warrant.
“Twitter has given government agents access to user data without a warrant,” said Zatko. “That’s pretty messed up.”
The former head of security’s allegations come as Twitter is under intense scrutiny for its role in the Capitol insurrection and the spread of disinformation. The company has been hit with multiple lawsuits, and its stock has also taken a hit.
Twitter did not respond to Zatko’s specific allegations but said it is “committed to safeguarding the privacy and security of people who use our service.”
“We have strong processes and controls to limit access to sensitive account information to a limited group of authorized employees,” the message said. “We require all employees to undergo training on our privacy and security practices, including handling user data.”
The statement said that when it comes to deleted accounts, Twitter “aims” to delete data within 30 days but that it “may take longer than that for some data, like direct messages, to be deleted.”
These allegations from Twitter’s former head of security are concerning. If true, they paint a picture of a company that is not only lax in its security measures but also misleading regulators and giving government agents access to user data without a warrant. Twitter needs to address these allegations immediately and plan to improve its security measures and protect users’ data. Otherwise, it risks further damage to its reputation and bottom line.