JUST IN: Twitter’s Former Security Chief Blows Whistle on Social Media Giant, Alleges They Buried ‘Egregious Deficiencies’

 

A former security chief for Twitter filed a shocking whistleblower complaint against the company, warning of major security flaws, extreme mismanagement and a significant lack of oversight.

CNN and the Washington Post obtained a redacted 200 disclosure filed last month to the Justice Department, the FCC, and the FTC. The filing was submitted by Peiter “Mudge” Zatko, who was hired by former Twitter CEO Jack Dorsey in late 2020 after a significant hack the social media website experienced.

In his complaint, Zatko claims that Twitter’s top executives allowed many of the company’s employees to have access to some of the platform’s main controls and sensitive information with little oversight. On top of that, he claims that these executives have deceived federal regulators and tried to cover up security deficiencies and falsely portray Twitter’s data management in a positive light.

From CNN’s report:

Zatko further alleges that Twitter’s leadership has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns. The whistleblower also alleges Twitter does not reliably delete users’ data after they cancel their accounts, in some cases because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to.

“There’s an analogy of an airplane,” Zatko said in an interview with CNN’s Donie O’Sullivan. “You get on an airplane, and every passenger and the attendant crew all have access to the cockpit, to the controls. That’s entirely unnecessary. It might be easy, but it’s too easy to accidentally, or intentionally, turn an engine off.”

Zatko says that he tried to warn the company about its vulnerabilities, address its technical deficiencies, and bring them up to standards set by the Federal Trade Commission. His complaint says that Twitter’s executives “withheld dire facts about the number of breaches and lack of protection for user data,” according to the Post, “instead presenting directors with rosy charts measuring unimportant changes.”

Reports go on to describe Zatko’s tense relationship with Twitter’s chief executive, Parag Agrawal, who fired him in January amid claims of poor performance. Zatko, however, claims that Agrawal and his allies pressured him into cherry-picking data points for Twitter’s board of directors, and to minimize the “extreme, egregious deficiencies” he saw in the company’s approach to cybersecurity.

Twitter spokeswoman Rebecca Hahn offered a rebuttal to Zatko’s complaint, referring back to the claim he was fired because of his “poor performance and ineffective leadership.”

“While we haven’t had access to the specific allegations being referenced, what we’ve seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context,” Hahn says. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and we still have a lot of work ahead of us.”

The complaint goes on to allege Agrawal and other Twitter executives lied in previous claims that the company was actively working to control how many bots, spam, and fake accounts were on the platform. Tesla CEO Elon Musk has made this a core component of his legal dispute with Twitter after aborting his decision to purchase the company.
