- Jack Dorsey told Sen. Ron Wyden in 2018 that Twitter was working on encrypted private messages, the senator said in a statement to Business Insider.
- “It has been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access,” Wyden said.
- Wyden’s comments follow a massive breach of Twitter’s internal systems Wednesday that allowed hackers to take over dozens of high-profile accounts.
- Twitter did not comment directly on Wyden’s claims or the company’s plans on encryption.
Twitter’s security practices are coming under fire from all corners following a massive breach of the company’s internal systems Wednesday that allowed hackers to hijack dozens of high-profile accounts and potentially make off with more than $120,000.
One of those calling out the social media giant is Democratic Senator Ron Wyden, who claimed Thursday that CEO Jack Dorsey told him nearly two years ago that Twitter was working on end-to-end encryption for users’ private messages but never followed through.
“In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter’s CEO Jack Dorsey. During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages,” Wyden told Business Insider in an emailed statement.
“It has been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access,” he said.
Twitter said late Wednesday evening that hackers had managed to gain access to employee accounts that allowed them to take control of “many highly-visible” accounts.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter’s support team tweeted.
As the compromised accounts of high-profile individuals, including Barack Obama, Joe Biden, Bill Gates, Kim Kardashian West, and Elon Musk, began tweeting bitcoin scams, many speculated about whether the hackers might be able to expose their private, direct messages.
One security measure that could have further protected users’ messages in the event hackers gained access to accounts via Twitter employees is end-to-end encryption, in which messages are encrypted locally on a user’s device before being sent and can only be decrypted by the recipient’s device.
“While it still isn’t clear if the hackers behind yesterday’s incident gained access to Twitter direct messages, this is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms,” Wyden said. “If hackers gained access to users’ DMs, this breach could have a breathtaking impact, for years to come.”
Twitter declined to comment directly on Wyden’s claims about the senator’s conversations with Dorsey or about the company’s use of end-to-end encryption. Instead, the company directed Business Insider to its support team’s thread with updates on the security breach.
Security experts have argued for years that end-to-end encryption should be a standard practice on digital communications platforms. Secure messaging apps like Signal use end-to-end encryption by default, and services like Apple’s iMessage, Facebook-owned WhatsApp, and Zoom have all adopted it (though sometimes reluctantly and to the disappointment of law enforcement, who say it makes criminals harder to track).