Twitter whistleblower alleges major security lapses at social media firm

The former head of security has accused the company of risking US national security.
Martyn Landi, 23 August 2022

Twitter has substantial security problems that place personal user data and potentially national security at risk, according to a former company executive turned whistleblower, it has been reported.

According to a disclosure sent to the US Congress and federal agencies last month and obtained by CNN and the Washington Post, Twitter’s former head of security claims the company allows too many people to access the platform’s central controls and some sensitive information.

Peiter “Mudge” Zatko, who was sacked by Twitter in January, has claimed some of the company’s senior executives have been trying to cover up serious security vulnerabilities and that one or more current employees may be working for a foreign intelligence service.

According to reports, Mr Zatko’s disclosure alleges that Twitter executives have misled its own board and US regulators about security vulnerabilities, and that the platform could be susceptible to foreign interference or spying and hacking.

His claims include allegations of poor basic security practices, with as many as thousands of staff members able to access the sensitive central controls of the platform and a lack of transparency around who has accessed what data and when.

In addition, the disclosure reportedly claims that Twitter does not have the ability to fully calculate the true number of bot or fake accounts on the platform, an issue that has become central to billionaire Elon Musk’s protracted and now stalled takeover, which is currently heading for trial in the US in October, with Twitter looking to force through the £37.4 billion deal.

Mr Zatko’s lawyer told CNN that the whistleblower had not been in contact with Mr Musk and that Mr Zatko had started the whistleblowing process before there was any awareness of Mr Musk’s attempts to buy the platform.

The disclosure also claims the US government provided specific evidence to Twitter shortly before Mr Zatko left the company that at least one of its employees was working for another government’s intelligence service.

However, the whistleblower’s report does not state whether Twitter was already aware of this or if subsequent action was taken.

Mr Zatko said he had attempted to raise the alleged security lapses with Twitter’s board and claims his public whistleblowing comes after those attempts failed.

In response, Twitter disputed Mr Zatko’s account of the company’s practices.

“Mr Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” a Twitter spokesperson said.

“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context.

“Mr Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
