Twitter allegedly has serious security problems that could pose a threat to individual users, company shareholders and even national security.
Behind these claims is whistleblower and former Twitter executive Peiter “Mudge” Zatko, CNN reported.
Zatko was formerly the head of security at Twitter, brought on by Twitter founder and former CEO Jack Dorsey.
After being let go from the company in January, for what Twitter claimed was poor performance, Zatko sent a disclosure to Congress and other federal agencies last month about the state of security at Twitter.
That disclosure allegedly outlined that Twitter’s security infrastructure is mismanaged and chaotic. Too many staff have access to the social media platform’s most sensitive information and user data and there is not enough oversight.
Zatko also claimed that the company’s highest executives have tried to cover up Twitter’s vulnerabilities and that one or more employees inside Twitter could even be working for foreign intelligence.
Zatko’s claim added that the leadership at Twitter has not been fully transparent with its own board and government regulators about security issues, “including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns,” CNN reported.
The former executive also claimed that Twitter cannot be trusted to entirely delete users’ data after they have deleted their accounts, sometimes because the company simply lost track of the information.
Zatko also claimed that Twitter’s leadership does not actually have the resources to find out just how many bots are on the platform. The issue has recently gained prominence because of Elon Musk’s $44 billion deal to buy Twitter and his attempt to back out of the deal over the bots issue.
In years past there have even been hacks on Twitter accounts of high-profile users like Elon Musk and former presidents Barack Obama and Donald Trump, the Washington Post reported.
According to Zatko, those are examples of what happens due to the weak security infrastructure at Twitter.
The Securities and Exchange Commission, the Department of Justice and the Federal Trade Commission, as well as the Senate Intelligence Committee, all have Zatko’s disclosure now.
Peiter Zatko, who was previously Twitter’s head of security, is now a whistleblower. He warns that Twitter has major security problems that pose a threat to users’ personal information, to company shareholders, to national security, and to democracy. https://t.co/LLeNeQmFYy
— Dr. Jeffrey Guterman (@JeffreyGuterman) August 23, 2022
“Earlier today on behalf of our client, we filed protected, lawful disclosures with the Securities and Exchange Commission (‘SEC’), Federal Trade Commission (‘FTC’), and Department of Justice (‘DOJ’), based on Mr. Zatko’s reasonable belief that Twitter has been, at all relevant times including today, in violation of numerous laws and regulations. For the reasons described in the enclosures, we respectfully request that your Committee initiate an investigation into legal violations by Twitter, Inc,” according to the filing by Zatko’s lawyers.
While the SEC, DOJ and FTC have not commented on the nearly 200-page disclosure concerning Twitter’s security, members of the Senate Intelligence Committee have spoken out about the situation, CNN reported.
“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” Sen. Chuck Grassley, a top Republican on the panel, said. “The claims I’ve received from a Twitter whistleblower raise serious national security concerns as well as privacy issues, and they must be investigated further.”
Meanwhile, a Twitter spokesperson told CNN that security and privacy are important to the company and that the platform has tools for users to control their privacy and data sharing.
“Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” a Twitter spokesperson said, according to CNN. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
This controversy over Twitter’s security comes at a particularly important time as Musk’s deal for Twitter is still on the rocks. That situation has been putting legal pressure on the platform to provide more information concerning its structure.
Twitter has sued Musk in Delaware Chancery Court to try to make the billionaire follow through on his deal to buy Twitter, NPR reported.
There have been dozens of subpoena requests for banks, executives, Silicon Valley figures and more, for information about the deal and the state of Twitter itself.
Recent legal filings have shown that Musk’s attorneys are even going after documents and communications from Dorsey himself to get more information on Twitter’s fake accounts, user activity data and more, NPR reported.
Musk’s legal battle with Twitter is touching on some of the very issues that Zatko revealed in his whistleblowing claims, which likely will play a role in Musk’s continued fight with the platform.
Zatko’s claims in his disclosure paint a dismal picture of Twitter’s structure.
“Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics,” Zatko wrote in a February analysis for the company, which was attached as an exhibit to the SEC complaint, the Washington Post reported.
Zatko is being legally represented by Whistleblower Aid, which is the same group that represented Facebook whistleblower Frances Haugen, CNN reported.
The founder of Whistleblower Aid and Zatko’s personal lawyer, John Tye, told CNN that Zatko has not communicated with Musk. Though Musk and Zatko’s issues with Twitter coincide, Zatko began the whistleblower process before the rumblings of Musk’s deal and his involvement with Twitter even began.