Twitter’s former top security official has alleged that company executives endangered national security. He also accuses Twitter executives of “lying about bots” https://t.co/WeFWTpmQV1
— TIME (@TIME) August 23, 2022
The former official, Peiter “Mudge” Zatko, is a famous hacker and one of the nation’s top cybersecurity experts. He served as Twitter’s security lead from Nov. 2020 to Jan. 2022, when he was fired by CEO Parag Agrawal after Zatko began documenting what he says were repeated security violations, and as he worked with the company’s compliance officer on a formal investigation based on his claims.
Zatko submitted his disclosures to U.S. regulatory agencies in July, invoking federal whistleblower protections, and they were shared with members of Congress. In 84 pages of disclosures and supporting documents, which TIME reviewed, Zatko accuses the $33 billion social-media platform’s top executives of violating the Federal Trade Commission Act and Securities and Exchange Commission regulations by misleading users, investors and board members about critical data security and privacy issues. These vulnerabilities led to frequent serious security breaches, exploitation by bad actors, and infiltration by foreign governments, Zatko alleges.
The documents shine a light on what Zatko alleges are years of basic security failings at Twitter, which he says make the platform vulnerable to abuse and even total collapse. Notably, the disclosures imply that the problems were allowed to fester under Agrawal, who was the most senior executive in charge of security issues before Zatko arrived.
“If these problems are not corrected, regulators, media, and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics,” Zatko wrote in a Feb. 2022 document cited in the disclosure.
The disclosures come just weeks before the first scheduled court date in a legal dispute over the pending sale of the company to billionaire Elon Musk, who is seeking to extricate himself from an agreement to purchase the company. Musk claims Twitter misled him and investors about the percentage of spam bots and fake accounts that make up its user base. According to internal company emails submitted as part of the disclosures, Zatko began documenting Twitter’s alleged wrongdoings months before Musk publicly announced his desire to buy the company. The trial over whether Musk must go through with his initial agreement to buy Twitter is set to start on Oct. 17 in Delaware.