Twitter ‘over a decade behind’ industry standards for cybersecurity: Whistleblower
A Twitter whistleblower says the social media platform is a decade behind security standards, and that its cybersecurity failures cause real harm to real people.
Former Twitter chief security officer Peiter "Mudge" Zatko, who testified before the Senate Judiciary Committee on Tuesday, noted company executives turned a blind eye to the problem while focusing on profits.
Zatko noted that after the Federal Trade Commission (FTC) ordered the firm to protect users’ private data, it failed to do so.
"What I discovered when I joined Twitter was that this enormously influential company was over a decade behind industry security standards," he said. "The company's cybersecurity failures make it vulnerable to exploitation, causing real harm to real people."
"When I brought concrete evidence of these fundamental problems to the executive team and repeatedly sounded the alarm of the real risks associated with them -- and these were problems brought to me by the engineers and employees of the company themselves — the executive team chose instead to mislead its board, shareholders, lawmakers, and the public instead of addressing them."
The reason why this happened was that "key parts of leadership lacked the competency to understand the scope of the problem," he said, noting, on top of this, "executive incentives led them to prioritize profits over security."
Zatko said that one part of the problem is that the firm has so much information that it is hard to keep a track of what data the company has, “where it lives, or where it came from," and consequently, they "can’t protect it."
The other part is that too many Twitter employees access too much information, he stated, adding, the firm lacked a solid infrastructure for detecting who accessed what information or when.
He then elaborated on what a person could do with a Twitter user's information, saying, "This is the information that you need in order to start taking over other people's accounts."
"With your phone number and an email address, I can hijack your phone number. I can then change your Gmail, your Coinbase, your Ameritrade, your other accounts. I can cause financial harm that way. I can then assume your identity."
Columbia, Yale students bent on ending US support for Israeli genocide
US troopers crack down on pro-Palestinian protests at University of Texas
‘Say no to Biden’: US college being pressed not to endorse genocide
Tehran economic conference: Raeisi hails Iran-Africa expansion of ties
VIDEO | Press TV's news headlines
Severe heat wave hits India as phase 2 of polling begins
What to expect after President Raeisi's visit to Pakistan
China describes Iran as ‘strategic partner' in West Asia
April 25: ‘Axis of Resistance’ operations against Israeli occupation
Hezbollah hits Israeli military sites near border with rockets, drones
Rwandans say UK deportation 'another brutal manifestation of neo-colonialism'
This makes it easy to access the Press TV website
