In a possible win for tech titan Elon Musk, Twitter’s former head of security, the legendary hacker-turned-cybersecurity-expert Peiter “Mudge” Zatko, has revealed several hidden negligent security practices and claimed that the company misled federal regulators about its safety and failed to properly estimate the number of bots on its platform.
Zatko, who was fired from Twitter in January, filed a complaint with the Securities and Exchange Commission (SEC) that accuses Twitter of deceiving shareholders and violating an agreement it made with the Federal Trade Commission (FTC) to uphold certain security standards. His complaints, totaling more than 200 pages, were obtained by CNN and The Washington Post and published in redacted form on Tuesday.
In his interview with CNN, Zatko said he joined Twitter in 2020 at the behest of then-CEO Jack Dorsey, right after the company was hit by a massive hack in which accounts belonging to figures like Barack Obama, Bill Gates, and Kanye West were compromised. Zatko says he joined Twitter because he believes the platform is a “critical resource” for the world but became disillusioned by the refusal of CEO Parag Agrawal to tackle the company’s many security failings.
Zatko’s significant reports and accusations include:
- Too many employees having access to critical systems and the personal information of users.
- Twitter’s method of measuring bots is misleading and executives are incentivized (with bonuses of up to $10 million) to boost user counts rather than remove spam bots.
- The app being a key tool for sharing news and organizing protests, making it a ripe target for governments looking to crack down on dissent. Zatko’s complaint states that he believes the Indian government forced Twitter to hire a government agent, who then had “access to vast amounts of Twitter sensitive data.”
- Failure to delete sensitive user data.
In response to Zatko’s complaint, Twitter has accused its former chief of security of sensationalizing and selectively presenting information.