Among the many juicy stories that poured out of the company following Musk’s takeover, was one that dealt with the total lack of security with employee access to systems and customer data. But buried in there were two nuggets of information that meant nothing to the public or politicians but which stunned IT people around the world when they were revealed to Congress by a whistleblower:

[Former Twitter security executive Peiter “Mudge” Zatko] explained that they had no software development lifecycle [SDLC] and they’d misled the FTC on that.

Twitter does not have separate development, test, staging, and production environments. At least 5,000 employees had privileged access to production systems.

On [January 6, 2021], Mudge (the whistleblower) wanted to take action to prevent potential sabotage by a rogue employee. He learned it was not possible for Twitter to secure its production environment.

THE FUCK?

Musk, with his IT background, must have just about had a heart attack when he found this out. Having those areas separated has been basic IT practice for sixty years. Having SDLC has been standard practice for forty years. This was a Silicon Valley titan? And any of five thousand employees could reach out and touch the production systems?

In 2020, Twitter had security incidents serious enough they had to be reported to the federal government on an almost weekly basis. Meanwhile, [CEO] Parag Agarwal was lying about how secure Twitter was.

Twitter did not keep backups of employee computers. They used to, but then the system broke, was never fixed, and execs decided this was good because it meant they couldn’t comply with regulators.

Mudge realized that a data center failure could potentially cause the permanent loss of all of Twitter’s data. He shared this fact with senior leadership, who instructed him not to put it in writing for the Board.

A few months later, that exact eventuality almost came true, and only herculean effort by Twitter engineers prevented “permanent, irreparable failure.”

Meaning the collapse of the then $44 billion company. Read the whole story.