According to ABC News, A former Twitter employee has been convicted of spying for Saudi Arabia after accessing private data on users critical of the kingdom’s government in a spy case that spanned from Silicon Valley to the Middle East.
Ahmad Abouammo, a U.S. citizen and former media partnership manager for Twitter’s Middle East region, was charged in 2019 with acting as an agent of Saudi Arabia without registering with the U.S. government.
A 2019 FBI complaint alleged that Abouammo and Saudi citizen Ali Alzabarah, who worked as an engineer at Twitter, used their positions to access confidential Twitter data about users, their email addresses, phone numbers and IP addresses, the latter of which be used to identify a user’s location. The U.S. complaint alleged that user data of over 6,000 Twitter accounts was accessed, including at least 33 usernames for which Saudi law enforcement had submitted emergency disclosure requests to Twitter.
Insider threats are often the hardest to protect against due to the nature of their job in amongst all the data. Once in the wrong hands it can be impossible to save it from being released which can cause dangerous aftermaths. Many companies will put all personal and private data in encrypted containers that are not accessible to the business, even by any of their employees, such as passwords. However there will be occasions where this isn’t the case with other personal data such as IP addresses and phone numbers. To counterbalance this problem, the more personal data that remains hidden from the platform in fully encrypted format, the safer it will be.