Former Twitter Head of Security Reveals The Company’s Vulnerabilities

The dust around Twitter doesn’t settle. Recently, the company’s former head of security, the legendary hacker-turned-cybersecurity-expert Peiter “Mudge” Zatko, disclosed some important details concerning Twitter’s activity. He said that Twitter didn’t provide the necessary information and misled federal regulators about its safety. If this information is accurate, Twitter might have to pay federal fines. Moreover, this could become a reason for Elon Musk not to buy the social platform.

Zatko Reveals How Twitter Misled FTC

If you seek reasons why Zatko disclosed this information, you must know he was fired in January this year. And this is retaliation for his refusal to stay quiet about the company’s vulnerabilities. Moreover, in July, he filed a 200-page complaint with the Securities and Exchange Commission (SEC). He is accusing Twitter of deceiving shareholders and violating its agreement with the Federal Trade Commission (FTC) to uphold certain security standards.

He joined Twitter in 2020. According to his words, the platform is a “critical resource” for the world. So he wanted to fix all vulnerabilities. But the company’s CEO (Parag Agrawal) refused to tackle many security failings.

“This would never be my first step, but I believe I am still fulfilling my obligation to Jack and users of the platform,” Zatko told The Washington Post regarding his decision to become a whistleblower. “I want to finish the job Jack brought me in for, which is to improve the place.”

Key Points In Zatko’s Complaint

You understand that we can’t publish everything from the 200-page report. But here are some noteworthy points:

• Many Twitter employees have access to critical systems. For instance, around 7000 full-time employees can access users’ sensitive personal data.
• Though in 2010, Twitter signed an agreement with FTC to protect consumers’ personal information, it turns out Twitter has made “false and misleading statements” misleading FTC.

• Twitter has always said that only 5% of its monthly active users are bots, fake accounts, or spam. But according to Zatko, this number isn’t accurate and is far from being true.
• Though there have been many requests to delete certain users’ data, the company never did it.

Twitter Doesn’t Remain Quiet

In its turn, Twitter accused Zatko of making furor by selectively presenting the information.

“Mr. Zatko was fired from his senior executive role at Twitter for poor performance and ineffective leadership over six months ago. While we haven’t had access to the specific allegations being referenced, what we’ve seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and we still have a lot of work ahead of us.”

Anyway, what Zatko said will have a significant effect on the company. According to FTC, they have already started an investigation. With a strong possibility, they will levy huge fines against Twitter.

This might also become a turning point for Musk, who doesn’t want to acquire Twitter anymore. Instead, he wants to launch his own social platform. As you remember, he paused the deal saying Twitter hadn’t provided true information about the number of bots. “We have already issued a subpoena for Mr. Zatko,” Alex Spiro, a lawyer representing Musk, said in a statement, “and we found his exit and that of other key employees curious in light of what we have been finding.”