Washington, D.C. – Twitter’s former head of security, Peiter Zatko, told United States lawmakers on Tuesday the firm is “misleading the public” about the security of the social network.
He claimed Twitter was “a decade behind” security standards, that users’ data was not sufficiently protected and that too many staff have access to it.
Zatko was giving evidence following an 84-page whistleblowing complaint he made about security practices inside the social network. He was fired by the firm in January.
He also said “one-time fines” imposed by regulators over breaches of rules on data protection “didn’t bother Twitter at all”.
In his damning testimony, Zatko described an organisation prioritising revenue generation above everything else.
At the start of the hearing he grew tearful about his role as a whistleblower, saying it was not a decision he had taken lightly.
“I’m risking my career and reputation… if something good comes out of it five or 10 years down the line, it will be worth it,” he said later on.
He also said he still thought Twitter offered a good service, but he laughed when asked whether he would buy it – a wry nod to the saga of Elon Musk’s deal.
“Depends on the price,” he said.
Zatko was personally hired by Twitter’s co-founder and former chief executive officer Jack Dorsey, after a high-profile attack on the platform’s celebrity accounts.
The whistleblower said that people’s personal information was put at risk. Information held about users includes: phone number, IP address (from which a physical address could potentially be found), email address, type of device, type of browser, and the location a user connected from.
This data could enable an individual to be targeted in the real world, he said.
Zatko previously worked for the U.S. government and Google, and is well-regarded in the information security community.
His lawyer John Tye described him as “a pretty remarkable guy”.
Senator Chuck Grassley from the U.S. Judiciary Committee said in his opening remarks that Twitter chief executive officer Parag Agrawal had declined to attend the hearing.
Twitter said that Zatko lost his job because of ineffective leadership and poor performance, and that his allegations are both inaccurate and inconsistent.