Top Republican accuses Twitter of ‘mismanagement’ of security, employees

House Oversight and Reform Committee ranking member James Comer (R-Ky.) on Wednesday sharply criticized Twitter for not taking enough steps to manage the security of the platform and the trustworthiness of employees. 

In a letter to Twitter CEO Jack Dorsey, Comer pointed to security concerns from an incident in July that saw hackers target 130 verified Twitter accounts, including those of former Vice President Joe Biden and major tech CEOs, in criticizing Twitter for taking insufficient steps to shore up security. 

“It has become increasingly clear that Twitter does not take security and oversight of its security practices seriously,” Comer wrote.

Comer also expressed strong concerns stemming from a Bloomberg report last month that two former Twitter employees accessed over 6,000 Twitter accounts in 2015 while working as spies for the Saudi Arabian government. According to the report, this information was used in some cases to track down, harass and abduct Saudi Arabian dissidents. 

Both former employees were charged last year by the Justice Department for allegedly working as Saudi Arabian spies. 

The July security incident involved hackers using employee credentials to target 130 verified accounts and tweet messages from 45 of these accounts asking followers to donate money as part of a cryptocurrency scam that ultimately raised over $100,000. The hackers also accessed direct messages of 36 accounts, and downloaded data from seven accounts, according to Twitter.

Twitter took immediate action to respond to the July incident, temporarily preventing all verified accounts from tweeting, and alerting authorities. The FBI arrested three individuals last month, including a 17-year-old, in connection to the incident. 

“Twitter appears to place far too much trust in too many people, granting them extraordinary access to people’s data and personal information,” Comer wrote Wednesday. “Twitter has refused to address these concerns. Now, it would seem from the reports involving Saudi Arabian spies, Twitter’s mismanagement may have led to the deaths of dissidents.”

Comer criticized the social media platform for not providing documents requested in a previous letter sent in August following a briefing from Twitter to the House Oversight and Reform Committee on the July security incident.

Comer had asked Twitter to provide documents around employee cybersecurity training, a list of all Twitter employees who have access to verified accounts, and Twitter written policies around responding to a security incident, among other documents. 

The top Republican requested that Twitter provide these documents and schedule a second committee briefing by Sept. 11. Comer noted that if the company failed to take action, he would “consider all possible options, including legislation, to ensure Twitter’s security no longer puts people’s lives at risk.”

Twitter did not immediately respond to The Hill’s request for comment on Comer’s letter. 

“Twitter’s lack of transparency about any actions it has taken to provide more robust oversight and security gives the appearance the company believes it bears no responsibility for any of the crimes committed using its platform,” Comer wrote.