Twitter whistleblower cites security flaws before Congress

Twitter's former security chief told Congress Tuesday there was "at least one agent" from China's intelligence service on Twitter's payroll and that the company knowingly allowed India to add agents to the company roster as well, where they had access to highly sensitive data on users around the world.

These were some of the troubling revelations from Peiter "Mudge" Zatko, a respected cybersecurity expert and Twitter whistleblower who appeared before the Senate Judiciary Committee to lay out his allegations against the company.

Zatko told lawmakers that the social media platform is plagued by weak cyber defenses that make it vulnerable to exploitation by "teenagers, thieves and spies" and put the privacy of its users at risk.

"I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors," Zatko said as he began his sworn testimony.

"They don't know what data they have, where it lives and where it came from and so, unsurprisingly, they can't protect it," Zatko said. "It doesn't matter who has keys if there are no locks."

"Twitter leadership ignored its engineers," he said, in part because "their executive incentives led them to prioritize profit over security."

One issue that didn't come up in the hearing was the question of whether Twitter is accurately counting its active users, an important metric for its advertisers. Tesla CEO Elon Musk, who is trying to get out of a $44 billion deal to buy Twitter, has argued without evidence that many of Twitter's roughly 238 million daily users are fake or malicious accounts, i.e. "spam bots."

The Delaware judge overseeing the case ruled last week that Musk can include new evidence related to Zatko's allegations...