Whistleblower Says Twitter Has Major Security Vulnerabilities

August 23, 2022 | Topic: Twitter | Region: Americas | Blog Brand: Techland | Tags: Twitter, Twitter Bots, Whistleblowers, Big Tech, Social Media


The whistleblower also claims that the company has misled its board, as well as the government, about such security vulnerabilities.

Amid the controversy over who is going to end up owning Twitter, the company is now dealing with another, potentially major controversy. 

On Tuesday, CNN and the Washington Post reported that Peiter “Mudge” Zatko, the company’s former head of security, has come forward as a whistleblower about his experiences. He claims that the company is “a chaotic and reckless environment at a mismanaged company that allows too many of its staff access to the platform's central controls and most sensitive information without adequate oversight.”

In addition to speaking to the media, Zatko filed an official whistleblower disclosure with the government running to 200 pages. He also claims that the company misled its board and the government about these security vulnerabilities.

CNN additionally reported that Zatko claimed “Twitter executives don't have the resources to fully understand the true number of bots on the platform, and were not motivated to,” which is likely to be of interest to Elon Musk. However, Zatko’s attorney told the media outlet that the whistleblower has not been in contact with Musk and that his complaints precede the billionaire’s efforts to buy the company. What the disclosures mean for the lawsuit between the company and Musk, which is set to go to trial in Delaware in October, is unclear. 

“Mr. Zatko was fired from his senior executive role at Twitter for poor performance and ineffective leadership over six months ago,” a Twitter spokesperson told CNN this week. “While we haven’t had access to the specific allegations being referenced, what we’ve seen so far is a narrative about our privacy and data security practices that are riddled with inconsistencies and inaccuracies, and lack important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers, and its shareholders. Security and privacy have long been company-wide priorities at Twitter and we still have a lot of work ahead of us.”

Zatko got his start as an “ethical hacker,” and later worked for the Pentagon’s Defense Advanced Research Projects Agency, and then Google, before joining Twitter in November 2020. Twitter hired him after the embarrassing hack in the summer of 2020, in which the accounts of such prominent Twitter users as former President Barack Obama were compromised. Zatko claimed at the time that he had been offered a position with the Biden administration. 

“It was impossible to protect the production environment. All engineers had access,” he said in the disclosure, per CNN. “There was no logging of who went into the environment or what they did...Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment.” 

Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to The Philadelphia Inquirer, Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.

Image: Reuters.