Former Twitter security chief blows whistle on company’s “egregious deficiencies”
Peiter “Mudge” Zatko says he was alarmed by gross negligence in Twitter’s anti-hacking protocols during his tenure as an executive there.
In July, Peiter “Mudge” Zatko — a well-known “ethical hacker” who worked as Twitter’s head of security from late 2020 to January of this year — lodged complaints against the company with the Securities and Exchange Commission, the Federal Trade Commission, and the Justice Department. Earlier this month, he shared his concerns about “egregious deficiencies” in the platform’s anti-hacking protocols with The Washington Post and CNN in the form of a 200-page exclusive disclosure, and both outlets published reports on his findings this morning (August 23).
Zatko’s document accuses Twitter of “extensive legal violations” including “negligence and even complicity” in endangering its users’ personal data, the positions of its shareholders, and national security. He claims these serious issues stem from shortcomings in the corporation’s policies surrounding security, privacy, and content moderation that date back more than a decade.
The allegations arrive as Twitter continues its legal battle with Elon Musk, who is attempting to back out of his contract to purchase the social media giant for $44 billion. Twitter has sued Musk to enforce the deal, and the trial has been scheduled to begin in October in Delaware Chancery Court. In a statement to CNN, a Twitter representative insinuated that Zatko’s complaint was timed to damage the company in retaliation for his firing.
“Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” the spokesperson said. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Zatko, on the other hand, believes his firing itself was a retaliation for pointing out the flaws in Twitter’s security system. He claims Twitter’s current CEO and former chief technology officer, Parag Agrawal, consistently discouraged him from disclosing his findings to the board of directors, and later ordered him to give his presentation orally rather than submitting a detailed written account of the major issues he’d found, forcing him to cherry pick the facts to make the situation look less dire than it was.
After viewing Zatko’s report, U.S. Senators Dick Durbin (D-IL) and Chuck Grassley (R-IA) both expressed concern about the implications of Twitter’s alleged misconduct. “Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” Grassley told CNN. “The claims I’ve received… raise serious national security concerns as well as privacy issues, and they must be investigated further.”