A massive hack just breached numerous Twitter accounts with hundreds of millions of combined followers––and used them to scam people for money. And it appears that the breach happened with some kind of help from Twitter employees.

Twitter says they’re investigating the incident, and surely they’ll put new safeguards in place to prevent this specific type of attack from happening again. But there’s a much bigger problem. The attackers potentially could have accessed millions and millions of people’s private direct messages (DMs), because Twitter has refused to implement end-to-end encryption on them.

Right now, Twitter employees (and anyone who can bribe or social engineer them) have access to your DMs. All of your DMs. Yep. Even that one.

End-to-end encryption is what protects iMessage, WhatsApp, Signal –– heck, even Facebook offers it for Messenger. Given that Twitter is a platform widely used by journalists, dissidents speaking out about repressive governments, and ordinary people to talk smack about their boss/friends/lover/etc, it’s past time for Twitter to offer this basic form of security to its more than 150 million users. Private messages leaking could cost someone their job––or in extreme cases, their life.

The Electronic Frontier Foundation, Senator Ron Wyden, and numerous security experts have called for Twitter to take this basic step. Sign the petition and demand they fix this gaping security hole before something really bad happens.