Former Twitter security chief Peiter Zatko has accused the social media giant of misleading government regulators about cybersecurity practices and prioritizing growth over cracking down accounts of spam.
Zatko filed an 84-page complaint last month with several government agencies, alleging that Twitter falsely claimed to have a strong security plan and that half of the company’s servers relied on outdated software that was vulnerable to hackers.
The whistleblower document alleged that Twitter prioritized user growth over spam reduction. Executives could earn individual bonuses of up to $10 million tied to increasing the number of daily users, according to the complaint, and nothing explicitly for reducing spam.
Whistleblower Aid, which represents Zatko, said it stands behind everything in its disclosure. He also confirmed the authenticity of the disclosure as posted on the Washington Post website. The Washington Post and CNN were the first to publish the story.
“What we have seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” Twitter said in a statement.
Zatko, also known as “Mudge”, is a well-known cybersecurity expert who first joined Twitter in 2020 after the company suffered a major security breach that damaged his reputation. He was fired in January.
Among the most disturbing allegations are Zatko’s claims that the Indian government pushed Twitter to put a government agent on the company’s payroll. Zatko claims that Twitter did this and that the agent would have gained access to sensitive user data.
India’s government, led by far-right Hindu nationalist Narendra Modi, has come under fire for cracking down on dissent and perceived political rivals in recent years.
A 2011 FTC complaint noted that Twitter’s systems were full of highly sensitive data that could allow a hostile government to find precise geolocation data for a specific user or group and target them for violence or arrest. Earlier this month, a former Twitter employee was found guilty after a trial in California of handing over sensitive Twitter user data to royals in Saudi Arabia in exchange for bribes. wine.
The complaint said that Twitter was also heavily dependent on funding from Chinese entities and that Twitter was concerned that the company was providing information to these entities that would allow them to learn the identity and access sensitive information of Chinese users who secretly use Twitter. , which is officially banned in China.
The revelations came as Twitter is embroiled in a lawsuit with Elon Musk, the CEO of Tesla who announced in July that he was ending a previous deal to acquire Twitter for $44 billion. Zatko’s lawyers said he started going public with his concerns before Musk expressed interest in buying the company.
Musk alleged that Twitter failed to provide evidence that bots did not represent a significant portion of Twitter users. Twitter denied the allegations and launched a lawsuit to force Musk into the deal. The trial is scheduled to continue on October 17.
Twitter’s stock value fell about 4% on Tuesday, and attorneys representing Zatko, who was fired by Twitter earlier this year for what the company called “ineffective leadership and poor performance,” confirmed that he maintained his allegations.
Alex Spiro, an attorney representing Musk in his lawsuit with Twitter, said Musk’s legal team subpoenaed Zatko. Musk hinted at the revelation on Tuesday, taking to Twitter to post a meme captioned “Give a little whistle.”
— Elon Musk (@elonmusk) August 23, 2022
The whistleblower’s claims that Twitter demonstrated “willful ignorance” in counting millions of spam accounts as legitimate users on the site could be a potential boon to Musk’s claims that the site’s value has been artificially inflated by a high number of spam accounts.
Zatko filed the complaint last month with the U.S. Securities and Exchange Commission (SEC) and Department of Justice (DOJ), as well as the Federal Trade Commission (FTC), according to The Washington Post.
The complaint has also been sent to congressional committees, and the US Senate Intelligence Committee said it takes the allegations seriously.
Senator Dick Durbin, the top Democrat on the Senate Judiciary Committee, said in a statement on Tuesday that the allegations “could expose dangerous privacy and data security risks for Twitter users around the world” if they arise. are accurate.
The committee’s top Republican, Chuck Grassley, also had concerns
“Take a technology platform that collects massive amounts of user data, combine it with what appears to be incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you have recipe for disaster,” he said. in a tweet on Tuesday.