Twitter accused of misleading about the protection of users' data

SemperFI

JF-Expert Member
Jul 24, 2018
Giving his testimony before the US Congress, the network's former head of security, Peiter Zatko, said that users' data is not sufficiently protected and that approximately 4000 employees can access it.

He named the user information that Twitter has not secured as phone number, residential address, email, type of device, type of browser and the location from which the user connected.

Twitter has defended itself by saying that Peiter Zatko lost his job because of ineffective leadership and poor performance, and also that his allegations are inaccurate and inconsistent.

=========================

Twitter's former head of security, Peiter Zatko, has told US lawmakers the firm is "misleading the public" about how secure the platform really is.

He claimed Twitter was "a decade behind" security standards, that users' data is not sufficiently protected and that too many staff have access to it.

Mr Zatko was giving evidence following an 84-page long whistleblowing complaint he made about security practices inside the social network.

He was fired by the firm in January.

He also said "one-time fines" imposed by regulators over breaches of rules on data protection "didn't bother Twitter at all".

In his damning testimony, Mr Zatko described an organisation prioritising revenue generation above everything else.

At the start of the hearing he grew tearful about his role as a whistleblower, saying it was not a decision he had taken lightly.

"I'm risking my career and reputation... if something good comes out of it five or ten years down the line, it will be worth it," he said later on.

He also said he still thought Twitter offered a good service but laughed when asked whether he would buy it - a wry nod to the saga of Elon Musk's deal.

"Depends on the price," he said.

National security
During his questioning, Mr Zatko said that employees had expressed concerns to him that Twitter was carrying advertising from "organisations which may or may not be associated with the Chinese government", a potential national security risk.

When he raised concerns with Twitter executives he was told it would be "problematic" to lose that revenue stream, he said.

He also said he was troubled by Twitter's attitude to other national security issues he had raised. He said "half the company" were engineers and they all had access to users' personal information.

It is believed around 4,000 employees had access to this data. He said he was worried that rogue employees had the power to take information without leaving a trace.

He added that there was a danger that employees could "dox" users, where private information is posted online, though he had not seen this happen.

He said Twitter does not log the activity of employees who access private data - which surprised him.

He also said that Twitter's security systems made it difficult to monitor potential espionage. In a previous statement Mr Zatko said that an Indian agent had been employed by the company.

"The company did not in fact disclose to users that it was believed by the executive team that the Indian government had succeeded in placing agents on the company payroll," Mr Zatko said last month.

Musk and spam
He has previously supported Elon Musk's claim that the platform has more spam and fake accounts than it has admitted - though he didn't elaborate on this.

His testimony focussed on national security issues - and is not officially connected with Mr Musk's attempt to pull out of his deal to buy Twitter for $44bn - that case is due to begin in October.

Even so, the flurry of accusations from a former senior employee will not help Twitter's case.

Mr Zatko was personally hired by Twitter's co-founder and former CEO Jack Dorsey, after a high-profile attack of the platform's celebrity accounts.

The whistleblower said that people's personal information was put at risk. Information held about users includes:

Phone number
IP address - from which a physical address could potentially be found.
Email address
Type of device
Type of browser
Location a user connected from