Whistleblower: Twitter Has 'Egregious' Security Gaps

Peiter 'Mudge' Zatko, former security chief for the social media platform, has filed a complaint
By Jenn Gidman,  Newser Staff
Posted Aug 23, 2022 9:45 AM CDT
Ex-Twitter Bigwig Says Site Has Been Reckless on Security
The logo for Twitter appears above a trading post on the floor of the New York Stock Exchange on Nov. 29.   (AP Photo/Richard Drew, File)

Elon Musk has been trying to wriggle out of his $44 billion deal to buy Twitter, and two new reports from CNN and the Washington Post may help out the richest man in the world in those endeavors. Both outlets have seen a complaint filed by whistleblower Peiter Zatko, Twitter's former head of security and a famous veteran hacker known as "Mudge," alleging that the social media platform isn't doing what it should be to fight spam and bots and has serious flaws in its safety and security measures against hackers. It also accuses Twitter of covering up those "extreme, egregious deficiencies," per Zatko's 84-page disclosure, filed last month with the Securities and Exchange Commission, the Federal Trade Commission, and the Department of Justice. A redacted version of the complaint was also sent to Congress.

Zatko specifically points the finger at Parag Agrawal, who became Twitter's CEO after Jack Dorsey stepped down in November. Agrawal tweeted in May that Twitter was "strongly incentivized to detect and remove as much spam as we possibly can"—an assertion that Zatko calls a lie. The Verge lays out more of Zatko's complaints, including that too many employees have access to critical systems; that the platform hasn't always deleted user data when requested; and that the company even misled the FTC over its claims it was keeping the platform secure. One particularly eyebrow-raising accusation Zatko makes: that "the Indian government forced Twitter to hire a government agent, who then had access to privileged user data," per the Verge. These issues pose threats not only to Twitter users and shareholders, Zatko alleges, but also to national security and even democracy, per CNN.

The "explosive allegations have huge potential consequences," including federal fines and Musk being able to step away from the deal, the Verge notes. A Twitter spokesperson tells CNN that Zatko was fired for "poor performance and ineffective leadership"—not as retaliation for him exposing these issues, as Zatko suggests—and notes that what they've seen of Zatko's "narrative" so far "is riddled with inconsistencies and inaccuracies, and lacks important context." As for the whistleblower himself, he says he feels it was his duty to report on what he knew via the disclosure. "This would never be my first step, but I believe I am still fulfilling my obligation to Jack [Dorsey] and to users of the platform," Zatko tells the Post. "I want to finish the job Jack brought me in for, which is to improve the place." Much more here and here on Zatko's complaint, as well as more here on the ex-hacker's backstory. (More Twitter stories.)

Get the news faster.
Tap to install our app.
Install the Newser News app
in two easy steps:
1. Tap in your navigation bar.
2. Tap to Add to Home Screen.