It seemed like everything was going to get better. Twitter called on its users to make their accounts more secure by providing a phone number as a second sign-up factor in addition to an email address. That should make it harder for hackers to gain access. What Twitter didn’t say: The telephone numbers were also sold secretly for marketing purposes – and because they were not sufficiently secured, millions of them were later stolen by hackers.
The example is just one of many details that the former security chief Peiter Zatko has disclosed about the chaotic conditions at his former employer. His revelations went much further: data was not properly protected, ordinary programmers had access to the most sensitive data of almost all users, and requirements from regulatory authorities were ignored.
It would be wrong to dismiss this portrayal as a purely Twitter issue. The sloppiness uncovered by Zatko can also be found in a similar form on other social networks – at least a number of cyber security experts are convinced of that.
This puts us all in a very vulnerable position. Twitter and other platforms not only know which data we enter in our profiles or which short messages we send. The information goes much further. Twitter can determine the home address and track where a user is when using the app, Zatko made clear.
It must be clear to everyone: Big technology companies know more intimate details about our lives than powerful countries. Systems that were actually developed for advertisers can be used by secret services to specifically spy on individual users. Authoritarian states are said to be using this practice today to take action against dissidents.
No worries about penalties
We are already jaded by the regular reports of hacker attacks. However, Zatko’s revelations show that to this day, giant platforms like Twitter continue to compromise the safety of their users because they rarely have to worry about fines.
That urgently needs to change. Interestingly, the authority Zatko named as particularly efficient was not an institution in the USA but the data protection regulators in France. They are particularly meticulous in their work and, if necessary, often impose high penalties on companies until they change their behavior.
The Germans should take a look at that. The sloppy handling of our data is a security risk that can no longer be calculated. However, it is we as users who bear the damage, and hardly the companies that put us in danger. That needs to change.