Peiter Zatko testified that Twitter’s poor security posture made it possible for the company’s engineers to tweet from other users’ accounts, including those of lawmakers, though he never saw an employee do so.
“I have seen numerous situations where Twitter engineers had to patch a problem and I said, ‘what was the problem?’ and they said, ‘oh, engineers could tweet as anybody, the data was exposed in this part,’” Zatko said. “It was always reactionary in finding these wounds left and right and putting bandaids on them because the systemic underlying problems were not addressed.”
He added: “A Twitter engineer, understanding how the running systems and the data flows were operating could then access and inject, or put forward, information as … any of the senators sitting here today.”
Zatko said he never saw such a thing happen during his time at the company but added “I am concerned” that it may have happened previously.