The former head of security for Twitter, Peiter “Mudge” Zatko submitted a disclosure to U.S. Congress as well as other federal agencies last month regarding alleged major holes in Twitter’s security. The disclosure was recently sent to both CNN and The Washington Post.
This explosive information comes in the midst of an acquisition dispute between Elon Musk and Twitter. It is unclear what effect the release of this disclosure will have on the pending litigation but the information seems to be a game changer.
In the disclosure, Zatko describes the company’s environment as reckless and chaotic. The company which seems to be mismanaged allows a large number of staff access to the platform’s central controls and sensitive information, all without adequate oversight.
Zatko alleges that senior executives at the company have been trying to cover up the vulnerabilities. Another item in the disclosure is that one or more current employees are likely working for a foreign intelligence service.
The information most beneficial to Elon Musk’s claim in the disclosure is that Twitter does not reliably delete users’ data after their accounts are canceled.
According to CNN:
In some cases, because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to.
After brining his concerns to CEO Parag Agrawal and having been discouraged by Agrawal and his lieutenants to not provide a full accounting of the security problems to Twitter’s board of directors, Zatko was fired in January of this year. Twitter claimed Zatko was fired for poor performance.
Zatko’s disclosure states he attempted to flag the security lapses to Twitter’s board and help the company fix years of technical shortcomings as well as get their privacy agreement in compliance with the Federal Trade Commission.
Zatko’s lawyer John Tye (Founder of Whilstlblower Aid) made it clear that Zatko has not been in contact with Mr. Musk and that the process had been started before Musk had any involvement with Twitter.
Attorney for Musk said in response to CNN’s article, “We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding.”
A Twitter spokesperson denied the allegations saying, “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance.”
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
After Jack Dorsey stepped down last November according to the disclosure the executive team asked for Zatko to give an oral report instead of a written account of the initial findings on the company’s security conditions. Zatko alleges they also went behind his back and had a third-party consulting firm report scrubbed to the extent of the company’s problems.
Dorsey originally hired Zatko, and paints picture that Dorsey genuinely wanted the problems within the company fixed however he seemed extremely disengaged in the months before his departure from Twitter.
Zatko believes he was fired for sounding the alarm about the security problems within Twitter.
U.S. Senator Chuck Grassley (R-IA) who is an avid Twitter user expressed his concerns in a statement.
“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster. The claims I’ve received from a Twitter whistleblower raise serious national security concerns as well as privacy issues, and they must be investigated further.”
It is possible that this revelation may change the outcome for Musk and Twitter.
