Peiter “Mudge” Zatko, Twitter’s former chief security officer, said the company misestimated the number of bots on the platform, concealed lax security practices and misled federal regulators about its security, according to a document he filed. before the United States Securities and Exchange Commission (SEC).
The more than 200-page complaint was filed with the agency last month and was made public by and on Tuesday. In it, the former director accused Twitter of misleading shareholders and violating an agreement it made with the Federal Trade Commission (FTC) to maintain the platform’s security standards.
Zatko joined Twitter in 2020, after the social network suffered a hack where high-profile accounts, such as Barack Obama or Bill Gates, among others, were compromised. However, he was fired in January in retaliation for not wanting to remain silent about the company’s vulnerabilities, according to his complaint.
“This would never be my first step, but I think I am still fulfilling my obligation to Jack (Dorsey, former CEO of Twitter) and to the users of the platform. I want to finish the job that Jack brought me here for, which is to improve the platform,” Zatko told the Post.
The whistleblower claimed that he joined Twitter, considering it a “critical resource” for the world, but lost his enthusiasm after the refusal of the company’s new CEO, Parag Agrawal, to address security flaws.
Among some of the revelations it made to the SEC, they highlight that Twitter’s method of measuring the number of bots is misleading, even though the company has claimed that less than 5% of daily users are bots or fake accounts. This is important because it could affect the fight with Musk for the purchase of the social network for 44,000 million dollars.
In addition, he said that executives receive incentives, such as bonuses of up to $10 million, to increase the number of users rather than eliminate spam bots.
In security matters, the complaint mentions that Twitter gives access to critical systems to too many employees, which allows many people to have access to personal user data and internal software, in addition to the fact that thousands of laptops have complete copies of the source code. of the social network.
On the other hand, the complaint mentions that the company did not delete user data when requested, due to the information being too scattered, but a current employee told the Post that they have just launched a project to ensure proper data deletion. .
Regarding the platform’s relationship with the government, Zatko mentioned that while in 2010 Twitter settled charges with the FTC about failing to protect the personal information of its consumers, in subsequent years it has repeatedly made “false and misleading statements” to users. and the agency, violating this agreement.
Currently, the accusations are being reviewed by the FTC and if they are correct, the body could impose large fines on the platform, in addition to being an argument in favor of Musk in the case of the purchase of the social network.
However, the platform has already responded to Zatko’s accusations by saying that it presented information in a selective and sensational way.
“Zatko was fired from his top executive position at Twitter for poor performance and ineffective leadership more than six months ago. While we have not had access to the specific allegations you reference, what we have seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies, inaccuracies, and lacks important context. company spokesman to CNN.
