Twitter Saudi hack: Ripple effect from Silicon Valley to Riyadh to Main Street

Saudi national and Twitter employee Ali Alzabarah allegedly accessed data of more 6,000 users.

In April 2018, Saudi Arabia's Crown Prince Mohammed bin Salman toured Silicon Valley, meeting with a wide range of executives from Apple CEO Tim Cook to Google co-founder Sergey Brin. Some 21 months later, the kingdom's ruler finds his country in a tech spying crime that raises security questions from Silicon Valley to Riyadh to your home.

Two former Twitter employees were accused by federal prosecutors of using the platform to spy on behalf of Saudi Arabia. A criminal complaint from the U.S. Department of Justice said Ali Alzabarah, a Saudi national, and Ahmad Abouammo, a U.S. citizen, used their access at the social media giant to gather private data on Saudi-regime dissidents.

This comes on the heels of Salman being implicated by U.S. officials and a United Nations investigation into the murder of Saudi journalist and dissident Jamal Khashoggi. The prince has said he bore ultimate responsibility for the kingdom but denies orchestrating the slaying.

The tensions with tech that the killing brought about will not subside in the wake of the Twitter scandal -- and should serve as a fair warning for all social media users.

“If you’re connected, there’s the potential to be compromised,” Kelvin Coleman, executive director of the National Cyber Security Alliance, told FOX Business. The NCSA works with the U.S. Department of Homeland Security.

“They are businesses that make money by selling information about users and the information they store is not always as secure as one may think.”

- Ronn Torossian, CEO of 5WPR

Hacking and spying are not limited by borders. Per the Justice Department’s complaint, Alzabarah, who worked as a web engineer for Twitter, accessed data of more than 6,000 users and would have also had access to their IP addresses, phone numbers and a log of all their actions on the platform at any time.

“People need to face some hard realities about social media,” Ronn Torossian, CEO of 5WPR, told FOX Business. “The average user should remember everything they do is monitored. Facebook, Twitter and Instagram are not just a place to share things."

A spokesperson for Twitter told FOX Business the company is taking steps to remedy the situation and that it already restricts access to sensitive account information to a limited group of employees.

“We understand the incredible risks faced” by many who use the platform and “have tools in place to protect their privacy and ability to do vital work."

“We recognize the lengths bad actors will go to try and undermine our service,” and are “committed to protecting those who use our service.”

Ticker Security Last Change Change %
TWTR TWITTER, INC. 62.77 -0.40 -0.63%

Even though Saudi Arabia is heavily invested in some of tech's biggest names such as Uber, DoorDash and Slack through its investment in Soft Bank's Vision Fund, critics shake their heads that funding outweighs corporate reputations or concerns about customer privacy.

Anand Giridharadas author of “Winners Take All: The Elite Charade of Changing the World,” wrote last year that the kingdom is "a regime that would seem to violate all the values that Silicon Valley is proud of trumpeting."

Saudi Arabia reportedly has 9.9 million active Twitter users, the fourth highest in the world, behind the United States, Britain and Japan. If someone from one of those three countries had engaged in Twitter conversations with accounts in Saudi Arabia, there is a chance that those exchanges may have been part of the hack.


Cameron F. Kerry, a visiting fellow at the Brookings' Center for Technology Innovation and former acting secretary of the Commerce Department told FOX Business, that "we all accept some risk interacting online ... but you can’t avoid it.”

However, users do have some level of control.

“Be selective about what services you use and consider whether you have a reason to think a given provider will protect your privacy and security,” he said, "Only share data necessary for the service, like location data for ride-sharing … and keep software updates current to protect security.”