Peiter Zatko, the former head of security at Twitter, testified before Congress on Tuesday that the company’s executives prioritised profitability over security, leaving the firm vulnerable to hacking and foreign agent intrusion.
Zatko described in depth the types of information that Twitter gathers on its users. According to Zatko, the list includes:
– The phone number of a user
– The most recent IP address a user used to connect, along with previous IP addresses
– The current email address of a user, how long they’ve had it, and their previous email addresses
– Where the company believes a user resides
– Where the company believes a user is currently accessing Twitter from
– What kind of device a user is using to access Twitter
– The web browser that the user is using
– The user’s chosen language
According to Zatko, all of the company’s engineers may have access to all of that user data through their access to the company’s internal production systems.
“If they wanted to root around in the data and find it, they could, and some have,” Zatko added.
“Why do they keep having so many security incidents? The same amount year after year … What is fundamentally, under-the-hood broken? Where is the systemic failure?” Zatko reportedly asked upon his arrival at Twitter.
He claimed that one issue is that Twitter doesn’t fully understand all the information it gathers from users or why it gathers it.
He referenced an internal study by engineers that purportedly revealed that the company knows “why they got it, how it was supposed to be used, when it was supposed to be deleted” for only roughly 20% of the data it receives.
The company frequently had no idea what the remaining data was or why it was being collected, according to Zatko. He asserted that samples of that unidentified data in the study included personally identifying data like phone numbers and addresses.
Zatko added that because Twitter doesn’t fully comprehend, and therefore doesn’t fully protect, the data it collects, malicious actors who get access to its systems may be able to access and use that data.