Ever since verified Twitter accounts were hacked to promote Bitcoin scams, it has probably been clear that the social media platform has holes in its security. As it turns out, that may have been just the tip of the iceberg, according to the microblogging site’s former security head.

Speaking to CNN and The Washington Post, Peiter Zatko, formerly the head of security for Twitter, has made a number of claims regarding the platform’s security practices. One claim is that Twitter gave all of its engineers some form of critical access to the platform. He also claims that the company did not have methods of tracking down anyone who went in to make changes to the platform.

Making things worse is the allegation that half of the company’s servers run on outdated software that doesn’t support features like data encryption. Taken together, this means that the company faced about one “security incident” a week that was serious enough to require reporting to US government agencies.

Another claim is that Twitter is misrepresenting the entire bot issue, which saw Tesla owner Elon Musk flake on his deal to acquire the company. Zatko claims that the decision to report the number of bots on Twitter in relation to the number of monetisable daily active users, rather than the total number of accounts, is an attempt to obscure the true scale of bot accounts.

Zatko also claims that the Twitter executive team told him to present cherry-picked data to the board to misrepresent the company’s progress in handling cybersecurity issues. Despite all this, it’s probably worth noting that Zatko, formerly an “ethical hacker” with roles at Google and the US Department of Defense, was hired after the 2020 Bitcoin scam hack. He was also fired in January 2022 for what the company claims to be “ineffective leadership and poor performance”.

(Source: CNN)

The post Former Twitter Security Chief Alleges Negligent Cybersecurity appeared first on Lowyat.NET.