Congress is looking into Twitter whistleblower’s claims of lax security

Senate committees are holding talks with the company's former security chief.


Kris Holt
August 23, 2022 11:22 AM
Twitter app is seen on a smartphone in this illustration taken, July 13, 2021. REUTERS/Dado Ruvic/Illustration

Senate and House committee leaders from both sides of the aisle are looking into claims from Twitter's former security chief that the platform has “extreme, egregious deficiencies” in terms of protections against attackers. Famed hacker Peiter "Mudge" Zatko, who took over Twitter's security division in 2020 and left the post in January, accused the company in a whistleblower complaint of having questionable cybersecurity defenses and weak measures to fend off spam. Zatko also claimed the company violated the terms it agreed with the Federal Trade Commission to settle a privacy dispute.

Democratic Rep. Frank Pallone Jr. and Republican Cathy McMorris Rodgers, the chair and ranking member of the House Energy and Commerce Committee respectively, say they are "assessing next steps" following the allegations, according to The Washington Post. They said the complaint underscores how important it is for Congress to protect people's data by passing consumer privacy legislation.

"The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies and penetration of the company by foreign intelligence raise serious concerns," Senate Judiciary Committee chair Dick Durbin wrote on Twitter. "If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world."


The offices of Durbin and the committee's ranking member Chuck Grassley said they've held early talks with Zatko. The Senate Intelligence Committee is also looking to set up a meeting with the whistleblower.

"Security and privacy have long been top company-wide priorities at Twitter," spokesperson Rebecca Hahn said, while claiming that Zatko's assertions are "riddled with inaccuracies." The company fired Zatko "for poor performance and leadership," Hahn said, adding that he "appears to be opportunistically seeking to inflict harm on Twitter, its customers and its shareholders."

Zatko has said he "felt ethically bound" to file the complaint as a member of the cybersecurity community. Given the bipartisan interest in Zatko's claims, the allegations could prompt Congress to beef up cybersecurity legislation after several failed efforts to more strictly regulate the technology industry.

Additionally, Zatko's disclosure could play a role in Twitter's case against Elon Musk, who is trying to back out of a deal to buy the company. The two sides are set to go to trial in October.
