A former security official at Twitter told senators on Tuesday that he learned a week before he was fired that a Chinese intelligence agent was on the social media company’s payroll.

It was just one of a series of vulnerabilities revealed by Peiter “Mudge” Zatko, a respected cybersecurity expert.

He was hired in November 2020 after a hack that compromised high-profile accounts, but was fired just a year later.

The security flaws were such, he said, that he was not surprised to learn that an agent of the Chinese Ministry of State Security was operating inside Twitter.

“I was told because the company’s physical security team had been contacted and told that at least one MSS agent, one of the Chinese intelligence services, was on the payroll on Twitter,” he said at a hearing of the Senate Judiciary Committee.

“While it was disturbing to hear, I and many others, who recognized the state of the environment on Twitter, really thought if you don’t put foreign agents inside Twitter – because it’s very difficult to detect them … it is very valuable to a foreign agent to be in there – as a foreign intelligence company you probably don’t do your job.”

His warnings echo similar criticisms of other social media giants, such as Facebook, that they are not doing enough to protect user data.

And he accused executives of ignoring engineers and their concerns and putting profit before safety.

When he brought up the problem of a foreign agent, the conversation was short-lived.

“I am reminded of a conversation with an executive when I said, ‘I’m convinced we have a foreign agent,’ and their response was, ‘Well, since we already have one, who cares if we have more? Let’s continue to grow the office,’” Zatko said.

Too many Twitter employees had access to sensitive data, he continued, and the company had a culture of reporting only good news.

“They don’t know what data they have, where they are and where they come from and so, unsurprisingly, they can’t protect them,” he said.

“It doesn’t matter who has the keys if there are no locks.”

Zatko filed a whistleblower complaint with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission in July.

One of his most serious allegations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming it had taken stricter measures to protect the security and privacy of its users.

Senators focused on his claims that foreign agents had worked within Twitter.

Sen. Chuck Grassley, the top Republican on the committee, said Zatko’s disclosures also showed India had managed to place two foreign assets in the company.

Sen. Chuck Grassley, the most senior Republican on the committee, said the platform contained a wealth of information that would be helpful to opponents.

“Due to his revelations, we have learned that personal data of Twitter users may have been exposed to foreign intelligence agencies,” he said in his opening statement.

“His revelations also indicate that the FBI has notified Twitter of at least one Chinese agent in the company.”

Twitter did not immediately respond to a request for comment.

But the company has previously disputed Zatko’s claims. It says he was fired for poor performance and that his complaint is “riddled with inaccuracies.”

However, his evidence will almost certainly be used by Elon Musk as he fights to get out of his deal to buy Twitter for $44 billion.

Zatko accused the company of deception when dealing with automated “spam bots” or fake accounts – one of Musk’s main arguments.

Musk even tweeted a popcorn emoji, suggesting he was watching the live hearing.

And Senator Lindsey Graham alluded to Musk’s bid, asking, “Would you buy Twitter given what you know?”