Twitter’s Former Security Chief Accuses It of ‘Egregious Deficiencies’

Twitter’s former head of security has accused the company of “extreme, egregious deficiencies” in its spam- and hacker-fighting practices, according to a whistle-blower complaint.

The complaints by Peiter Zatko, the former executive, said that the shortcomings in enforcing security, privacy and content moderation policies dated to 2011. Mr. Zatko, a well-known hacker who is known in the security community as Mudge, joined Twitter in late 2020 and was terminated by the company in January.

His complaints were sent to the Securities and Exchange Commission, Justice Department and Federal Trade Commission on July 6. The Washington Post and CNN first reported on the complaints.

Mr. Zatko accuses Twitter, its chief executive Parag Agrawal and other executives and directors of “extensive legal violations,” including making misleading statements to users, making misrepresentations to investors and acting with “negligence and even complicity” toward efforts by foreign governments to infiltrate the platform, according to the complaint filed with the S.E.C., which was obtained by The New York Times.

The allegations come at a perilous time for Twitter, which is locked in a legal battle with Elon Musk over his efforts to walk away from a $44 billion agreement to acquire the social media company. Twitter has sued Mr. Musk to force him to close the deal, and the two sides are set to go to trial at the Delaware Chancery Court in October.

The complaints put forward by Mr. Zatko and Mr. Musk are in some ways similar, focusing on the number of fake users on Twitter’s website. Mr. Musk claims that Twitter’s public disclosures about those figures are materially misleading.

Perhaps most damaging, if true, is Mr. Zatko’s allegation that Twitter is in violation of its 2011 settlement with the F.T.C. over its safeguarding of user information. The agency had accused Twitter of “serious lapses” in data security that “allowed hackers to obtain unauthorized administrative control of Twitter” including the ability to send out phony tweets.

A spokeswoman for Twitter said Mr. Zatko was fired in January 2022 for ineffective leadership and poor performance. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” she said. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been companywide priorities at Twitter and will continue to be.”

This is a developing story. Check back for updates.
