Date: 2022-08-24

Ex-Twitter staff have access to secret software code months after leaving the business, a whistleblower has told The Telegraph as the company faces questions over national security.

Ex-engineer Al Sutton revealed that despite quitting 18 months ago he still retained access to Twitter's central file store on GitHub, a website used by software developers to store source code.

His account sheds fresh light on claims of poor practices at the social media platform made by another whistleblower.

Mr Sutton, who ran Twitter's mobile developer experience team until February last year, said: "Not removing folks' access to systems when you let them go seems, to me, like a basic part of good security."

His revelation comes after a former head of security at Twitter turned whistleblower wrote a 200-page dossier sent to regulators and politicians alleging Twitter's lax security practices posed a threat to US national security.

Mr Sutton, who left Twitter to run his own automotive technology startup in Kent, said it was "concerning" that he had access to some of Twitter's software source code almost 18 months after resigning.

He explained: "It gives me access to their private repositories on GitHub. This is not where they store their main source code, but some projects are not public."

Mr Sutton showed The Telegraph screenshots of tools and code used by Twitter software engineers and stored on the Twitter GitHub repository, which is the digital equivalent of a filing cabinet at an architect's office.

One of those screenshots appeared to show he had access to Twitter's version of OpenBMC, a software tool used by Twitter and many other large tech companies to run their computer servers.

The software engineer expressed the fear that as an ex-employee he had access "to what is essentially a sampling of Twitter engineers who could be targets for social engineering".

Social engineering is the practice of deceiving people who have high-level access to computer systems into handing over secret information stored on those systems.

On Tuesday, Peiter "Mudge" Zatko, who was fired by Twitter in January, went public with allegations that bosses sacked him because he refused to play down the poor state of Twitter's internal processes.

Mr Zatko said in his dossier that around half of Twitter’s 7,500 employees had routine access to “critical” internal controls, saying this was a form of “wilful ignorance” that risked deliberate manipulation of the social media site by hostile insiders.

Daniel Thanos, a vice-president of cyber security company Arctic Wolf, said that Mr Zatko "is a highly trusted and respected leader in the cybersecurity community and his comments should not be taken lightly".

He added: "Since Twitter has become a vital source of information, it must make sure its internal security controls maintain the highest level of security and privacy. This is absolutely fundamental due to the trust users are placing in it."

The Telegraph has contacted Twitter for comment.