Former Security Chief Claims Twitter Poses Security Risks for Users
Twitter’s former head of security, who was recently fired, is alleging that the social media platform poses privacy threats for its 238 million daily users, including government agencies and officials, constituting a national security concern.
The claim is made by Peiter “Mudge” Zatko, a computer hacker who had been hired by former Twitter Chief Executive Officer Jack Dorsey.
Zatko’s accusations, including alleged “extreme, egregious deficiencies” in Twitter’s practices to combat spam and hacking, are contained in a whistleblower document sent on July 6 to three U.S. government agencies, including the Department of Justice.
Details of the complaint were first reported on Tuesday by CNN and The Washington Post. A redacted version of the document was sent to the U.S. Congress.
Zatko “was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” a Twitter spokesperson, who did not want to be identified by name, said in a statement to VOA. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Zatko alleges Twitter violated terms of a 2011 settlement with the U.S. Federal Trade Commission by falsely claiming it had a solid security plan. Zatko says he warned colleagues that in reality the social media company’s computers were running outdated and vulnerable software and that company executives hid information from the board of directors about the lack of data protection and the actual number of security breaches.
The revelations come as Twitter finds itself in a legal battle with Elon Musk, considered the world’s richest person. Musk, who is chief executive officer of electric carmaker Tesla, pulled out of an agreement last month to purchase Twitter for $44 billion. Musk accused Twitter of hiding information about its number of automated user accounts, known as bots.
“I felt ethically bound. This is not a light step to take,” Zatko told The Washington Post about his whistleblower complaint. He declined to elaborate on its contents.
Zatko was fired in January by Dorsey’s successor, Parag Agrawal.
Under whistleblower protection laws in the United States, Zatko is entitled to legal protection against retaliation and may be eligible to receive money as a reward if his revelations lead to successful enforcement actions by government agencies.
“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” said Senator Chuck Grassley.
“The claims I’ve received from a Twitter whistleblower raise serious national security concerns as well as privacy issues, and they must be investigated further,” said Grassley, the top Republican on the Senate Judiciary Committee, in a statement supplied to VOA and other news organizations.
Michelle Quinn in San Francisco contributed to this report.