Two Twitter employees accessed user data on behalf of the Saudi government. Neither should have had access, and this is a sign of a bigger problem at all companies.
A tremor rippled across the information security community last week when the Justice Department announced criminal charges against two Twitter employees, Ahmad Abouammo and Ali Alzabarah, for acting as foreign agents under the direction and control of the Kingdom of Saudi Arabia. The complaint alleges that the two men used their ability to access user data to provide the Saudi rulers with private information on more than 6,000 Twitter users.
Abouammo, who was a media partnerships manager at Twitter, is a US citizen. Alzabarah, who was a site reliability engineer at the social media giant, is a Saudi citizen, while a third person who was an intermediary in the theft of some of the data and who did not work at Twitter, Ahmed Almutairi, is also a Saudi citizen.
Both former Twitter workers had access to a proprietary and confidential information for Twitter users, including the email addresses, birthdates, phone numbers and IP addresses. Alzabarah, who pulled data on four specific users at the request of the Saudis, also had access to users’ biographical information, logs that contained the users’ browser information, and a log of all of a particular user’s interactions at any given point in time, the complaint says.[This article appeared in CSO Online. To read the rest of the article please visit here.]