Twitter does not know how many bots are on its platform and is riddled with vast and dangerous security problems, according to its former security chief.
The company has misled federal regulators and is much less safe than it has suggested, said Peiter Zatko, who until recently was Twitter’s head of security but now says he is blowing the whistle on the company. Mr Zatko is a well-known security expert also known by the nickname “Mudge”.
Mr Zatko’s criticism comes amid ongoing legal battles between Twitter and Elon Musk, who has also accused Twitter of having far more automated accounts than it has revealed. That trial is scheduled for October.
John Tye, founder of Whistleblower Aid and Zatko’s lawyer, said Mr Zatko has not been in contact with Mr Musk, adding that he began the whistleblower process before there was any indication of the entrepreneur’s involvement with Twitter, according to CNN, which alongside The Washington Post first reported the allegations.
The complaint by Mr Zatko was filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission, according to The Washington Post.
The former security chief also said that Twitter employees had widespread access to important Twitter systems, and that he feared they could be used to cause political problems.
But Twitter said that Mr Zatko’s employment had been terminated in January, citing “ineffective leadership and poor performance”. He had been at the company for two years.
“Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be,” a spokesperson said.
According to reports, Mr Zatko’s disclosure alleges that Twitter executives have misled its own board and US regulators about security vulnerabilities, and that the platform could be susceptible to foreign interference or spying and hacking.
His claims include allegations of poor basic security practices, with as many as thousands of staff members able to access the sensitive central controls of the platform and a lack of transparency around who has accessed what data and when.
The disclosure also claims the US government provided specific evidence to Twitter shortly before Mr Zatko left the company that at least one of its employees was working for another government’s intelligence service.
However, the whistleblower’s report does not state whether Twitter was already aware of this or if subsequent action was taken.
Mr Zatko said he had attempted to raise the alleged security lapses with Twitter’s board and claims his public whistleblowing comes after those attempts failed.
Additional reporting by Reuters
