Wyden calls out Twitter for not encrypting private messages


  • Senator Ron Wyden said Jack Dorsey told him in 2018 that Twitter was working on encrypted private messages, the senator said in a statement to Business Insider.
  • “Almost two years have passed since our meeting, and the Twitter DMs are not yet encrypted, leaving them vulnerable to employees who abuse their internal access to company systems and to hackers who gain unauthorized access,” Wyden said.
  • Wyden’s comments follow a massive breach of Twitter’s internal systems on Wednesday that allowed hackers to take over dozens of high-profile accounts.
  • Twitter did not directly comment on Wyden’s claims or the company’s plans for encryption.

Twitter’s security practices are coming under fire from all corners after a massive breach of the company’s internal systems on Wednesday that allowed hackers to hijack dozens of high-profile accounts and potentially grab more than $120,000.

One of those calling out the social media giant is Democratic Senator Ron Wyden, who claimed Thursday that CEO Jack Dorsey told him nearly two years ago that Twitter was working on end-to-end encryption for users’ private messages, but that the company never followed through.

“In September 2018, shortly before testifying before the Senate Intelligence Committee, I met privately with Twitter CEO Jack Dorsey. During that conversation, Mr. Dorsey told me that the company was working on end-to-end encrypted direct messages,” Wyden told Business Insider in an emailed statement.

“Almost two years have passed since our meeting, and the Twitter DMs are not yet encrypted, leaving them vulnerable to employees who abuse their internal access to company systems and to hackers who gain unauthorized access,” he said.

Twitter said Wednesday night that hackers managed to gain access to employees’ accounts that allowed them to take control of “many highly visible accounts.”

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal tools and systems,” the Twitter support team tweeted.

As the compromised accounts of high-profile people, including Barack Obama, Joe Biden, Bill Gates, Kim Kardashian West, and Elon Musk, started tweeting bitcoin scams, many speculated about whether the hackers could also expose those users’ private direct messages.

One security measure that could have further protected users’ messages in the event that hackers gained access to accounts through Twitter employees is end-to-end encryption, where messages are encrypted locally on the sender’s device before being sent and can only be decrypted by the recipient’s device.

“While it is still unclear whether the hackers behind yesterday’s incident gained access to direct messages from Twitter, this is a vulnerability that has lasted too long and is not present on other competing platforms,” Wyden said. “If hackers gained access to users’ DMs, this violation could have an impressive impact in the coming years.”

Twitter declined to comment directly on Wyden’s claims about the senator’s talks with Dorsey or about the company’s use of end-to-end encryption. Instead, the company directed Business Insider to the thread of its support team with updates on the security breach.

Security experts have argued for years that end-to-end encryption should be standard practice on digital communication platforms. Secure messaging apps like Signal use it by default, and services like Apple’s iMessage, Facebook-owned WhatsApp, and Zoom have adopted it (albeit sometimes reluctantly and to the disappointment of the police, who say it makes criminals more difficult to trace).