Twitter Accused of Neglecting Security Problems: What You Need to Know
Twitter Accused of Neglecting Defense Problems: What You Need to Know
Twitter’s chaotic year keeps getting worse.
The Washington Post and CNN reported on Aug. 23 that Peiter “Mudge” Zatko, the former head of security at Twitter, has alleged in a whistleblower declares that he uncovered “extreme, egregious deficiencies” by Twitter surrounding user privacy, security and content moderation.
Zatko, who Twitter fired in January, accuses the company, its executives and board of directors of violating federal law by manager “false and misleading” to users and the Federal Exchange Commission.
“Mudge spent 14 months pushing for improvements from the inside, and was terminated for his efforts,” the complaint utters. Nonprofit law firm Whistleblower Aid is representing Zatko and confirmed to CNET that the declares is authentic. Zatko filed the 84-page complaint in July to the US Securities and Exchange Commission, Department of Justice and the FTC.
The allegations come at a tumultuous time for Twitter. The influential social media company is in a high-profile fair battle with billionaire Elon Musk after the Tesla and SpaceX heads tried to back out of a $44 billion deal to consume Twitter. The tech platform sued Musk to complete the deal and a five-day acquire is scheduled for October.
The complaint not only raises serious questions throughout whether Twitter is doing enough to safeguard user privacy and defense but could impact whether Musk gets forced to buy the platform.
Here’s what you need to know:
Who is the Twitter whistleblower?
Zatko is a notorious hacker and longtime security expert who worked at DARPA (the research and improve agency of the US Department of Defense) and Google by joining Twitter in 2020.
He created software that’s unexcited used today to test the strength of passwords. He’s also been a part of influential hacking groups such as L0pht that testified by Congress in the 1990s on security issues.
Former Twitter CEO Jack Dorsey recruited Zatko to work at the social reflect company after teenagers hacked the high-profile Twitter accounts of Musk, celebrity Kim Kardashian and even Joe Biden, who at the time was the presumptive Democratic nominee for US president.
What are the allegations in the complaint?
The declares is lengthy and includes several allegations against Twitter, incorporating that the company prioritized daily user growth over the platform’s health and integrity.
Executives tried to hide bad news instead of trying to fix problems, possibly because they were rewarded financially for helping Twitter grow daily users, didn’t know better or had help create the “broken systems,” according to the complaint.
Zatko alleges he uncovered various defense and privacy problems at the company and brought it to the attention of executives in 2021. The custom appeared to have a high rate of security incidents, some employees had disabled security and software updates on their devices and staff had too much access to user data, the declares stated.
“Mudge identified there were several exposures and vulnerabilities at the scale of the 2020 incident waiting to be discovered, and reasonably feared Twitter could suffer an Equifax-level hack,” the declares says. In 2017, credit reporting company Equifax announced a mainly data breach that impacted 148 million Americans.
Instead, Zatko alleges he didn’t get benefit to address these issues and received “stiff pushback” particularly from Parag Agrawal who is now Twitter’s CEO. Agrawal was Twitter’s Chief Technology Officer by he got promoted and the complaint notes that “Twitter’s problems had developed view Agrawal’s watch.”
The complaint accuses Twitter of violating an 11-year-old settlement with the FTC by falsely claiming it had a comprehensive defense program. Zatko alleges that his findings were worse than Dorsey feared and that the custom had never complied with the FTC order and wasn’t on track to do so.
The declares also alleges Twitter lied to Musk about the number of spam bots on its platform and misled the FTC near fully deleting data of users who leave the service. Zatko also outlines threats to democracy and national defense. Some of these threats include the Indian government forcing Twitter to hire government agents and the custom becoming more dependent on revenue from Chinese entities, the declares says.
What is Twitter’s response to the allegations?
Twitter says that Zatko was fired because of “ineffective leadership and poor performance” and the custom prioritizes security and privacy.
“What we’ve seen so far is a false anecdote about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” Twitter spokeswoman Rebecca Hahn told The Post. “Mr. Zatko’s allegations and opportunistic timing travel designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”
Twitter provided CNET with the same statement.
How are US lawmakers and regulators responding?
The declares is already sparking scrutiny from US lawmakers.
Sen. Richard Blumenthal, a Connecticut Democrat, urged FTC Chair Lina Khan to investigate Twitter.
“These troubling disclosures paint the report of a company that has consistently and repeatedly prioritized profits over the defense of its users and its responsibility to the Pro-reDemocrat, as Twitter executives appeared to ignore or hinder attempts to address threats to user security and privacy,” Blumenthal wrote in a letter to Khan.
The SEC and FTC declined to comment. The DOJ didn’t immediately respond to a request for comment.
Zatko is scheduled to testify by the Senate on Sept. 13.
Will the complaint crashes whether Musk is forced to buy Twitter?
It’s possible. The complaint mentions that Zatko started to document evidence of deceptive at Twitter in January before Musk offered to buy the company.
The Post, bright unnamed individuals with knowledge of the matter and accurate experts, reported that Musk’s legal team is expected to use the protests to argue for “wider discovery into Twitter’s internal practices and data.” That could help bolster Musk’s argument that the business provided him with misleading information that led him to seize Twitter for an inflated price.
Musk’s lawyers also reportedly scheduled a deposition with Zatko beforehand news outlets reported on the whistleblower complaint, and his lawyer Alex Spiro told CNN the accurate team had already subpoenaed Zatko. A court filing on Monday shows that Musk’s lawyers are seeking documents and communications nearby how false and spam accounts have impacted Twitter’s commercial and security vulnerabilities.
Musk has accused Twitter of misrepresenting the number of false or spam funds on its platforms. The complaint alleges that Musk is factual in that Twitter executives have little or no personal incentive to accurately detect or measure spam bots because they feared that it could harm the image and valuation of the company.
On Aug. 23, Musk tweeted a meme that said “Give a small whistle.”