Social media platform Twitter has serious security issues that pose a threat to US national security, company shareholders, and its own users, the company’s former head of security, Peiter “Mudge” Zatko, has claimed.
Zatko submitted his disclosure to the US Congress and federal agencies last month, and it was seen by CNN and The Washington Post.
Zatko, who was fired from his position as Head of Security earlier this year, claims that Twitter’s leadership has misled its own board and federal authorities about the company’s severe weaknesses in its defences against hackers, as well as its feeble attempts to combat spam.
He alleged that a large number of employees can access Twitter’s core controls and certain sensitive information, and that vulnerabilities in the platform could allow foreign snooping, manipulation, or hacking.
He added that one or more current workers may be employed by a foreign intelligence agency.
Zatko also claimed that Twitter officials lacked the motivation and resources to properly understand the scope of the bot issue on the platform.
The allegations follow Tesla CEO Elon Musk’s withdrawal from the $44 billion acquisition of Twitter, which Musk claims is related to the number of bots on the platform.
In July, Musk’s lawyers told the US Securities and Exchange Commission (SEC) that their client was pulling out of the merger agreement because Twitter was ‘in material breach of multiple provisions’ of the agreement.
Zatko’s attorney told CNN that his client was not in contact with Musk, and that he had started the whistleblowing process before Musk publicly revealed his interest in acquiring the platform.
Musk’s legal team has served subpoenas on Zatko and former Twitter CEO Jack Dorsey in advance of the trial date of 17th October for Twitter’s case against him.
Zatko told the Washington Post, “This would never be my first step, but I believe I am still fulfilling my obligation to Jack and to users of the platform.”
In an email to staff members, Twitter CEO Parag Agrawal rejected Zatko’s accusations, calling them a “fake narrative.”
The email, shared on Twitter by CNN reporter Donie O’Sullivan, said Zatko was sacked earlier this year for “ineffective leadership and poor performance.”
Donie O’Sullivan (@donie), August 23, 2022: “NEW: First time Twitter CEO @paraga weighs in on whistleblower story. Sending this message to staff this morning.” pic.twitter.com/WY4TCqbA5q
Agrawal said Zatko’s assertion was “riddled with inconsistencies and inaccuracies, and presented without important context” and that Zatko “was accountable for many aspects of this work that he is now inaccurately portraying more than six months after his termination.”
The chief executive said that given the current attention on Twitter, there would probably be additional stories in the days ahead.
“We will pursue all paths to defend our integrity as a company and set the record straight,” he wrote.