Twitter whistleblower Peiter Zatko described the company as a Wild West of unsecured data whose management consistently chose revenue and subscriber growth over security and privacy.
“Thousands of Twitter employees can access user data they don’t need access to to do their jobs. And if foreign assets work for Twitter, those foreign assets can also access the data,” he alleged in testimony before the Senate Judiciary Committee. “An employee could take over the accounts of all of the Senators in this room.”
Last month, a former Twitter employee was found guilty of spying on Saudi dissidents using the social media platform to pass their personal information to an aide of Crown Prince Mohammed bin Salman.
Zatko, known as “Mudge”, a hacker who served as Twitter’s head of security until he was fired in early 2022, said some Twitter employees were also concerned that the Chinese government could collect user data.
When he first arrived at Twitter, he said, “There were thousands of failed attempts to access systems per week that no one was noticing,” and that surprised management. Overall poor tracking of who logs in, or tries to, “is a remnant of [Twitter] being so far being on their engineering.”
“It’s a culture where they are only able to focus on one crisis at a time and that crisis is … only replaced by another crisis. I think they would like to wave a magic wand and have all these things fixed,” he said, but that would require legwork, time, money and increased transparency.
“If you could correctly register and track and identify where data lived, if you knew where everything was in your database, you could absolutely go delete it. But that has not been prioritized over other projects like increasing revenue and users,” he said. He said the service puts its users’ health and safety and national security at risk, and that it has misled its own board.
Twitter is currently suing Elon Musk in Delaware Chancery Court for terminating a $44 billion agreement to buy the company. The billionaire Tesla founder broke off the engagement in July, before Zatko’s allegations surfaced. In a setback for Twitter, a Chancery Court judge last week agreed that the Musk camp can use the whistleblower complaint in a trial set for next month.
Twitter has described Zatko as a disgruntled former employee and says it investigated concerns he raised at the company and found them without merit.
Ranking member Sen. Chuck Grassley said the Judiciary Committee invited Twitter CEO Parag Agrawal to today’s hearing but the exec had declined to appear, saying it would jeopardize the ongoing litigation. “This seems more important than Twitter’s civil litigation in Delaware,” Grassley said.
The hearing is ongoing; Deadline will update. Twitter shareholders are scheduled to vote on the Musk deal at a special meeting at 1 pm ET.