Twitter whistleblower makes shock claims ahead of Elon Musk court case

Company misled federal regulators and is much less safe than it has suggested, says ex-head of security

Andrew Griffin
Tuesday 23 August 2022 16:23 BST
Comments
Peiter Zatko said that the platform could be susceptible to foreign interference or spying and hacking
Peiter Zatko said that the platform could be susceptible to foreign interference or spying and hacking (PA Archive)
Leer en Español

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

Twitter does not know how many bots are on its platform and is riddled with vast and dangerous security problems, according to its former security chief.

The company has misled federal regulators and is much less safe than it has suggested, said Peiter Zatko, who until recently was Twitter’s head of security but now says he is blowing the whistle on the company. Mr Zatko is a well-known security expert also known by the nickname “Mudge”.

Mr Zatko’s criticism comes amid ongoing legal battles between Twitter and Elon Musk, who has also accused Twitter of having far more automated accounts than it has revealed. That trial is scheduled for October.

John Tye, founder of Whistleblower Aid and Zatko’s lawyer, said Mr Zatko has not been in contact with Mr Musk, adding that he began the whistleblower process before there was any indication of the entrepreneur’s involvement with Twitter, according to CNN, which alongside The Washington Post first reported the allegations.

The complaint by Mr Zatko was filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission, according to The Washington Post.

The former security chief also said that Twitter employees had widespread access to important Twitter systems, and that he feared they could be used to cause political problems.

But Twitter said that Mr Zatko’s employment had been terminated in January, citing “ineffective leadership and poor performance”. He had been at the company for two years.

“Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be,” a spokesperson said.

According to reports, Mr Zatko’s disclosure alleges that Twitter executives have misled its own board and US regulators about security vulnerabilities, and that the platform could be susceptible to foreign interference or spying and hacking.

His claims include allegations of poor basic security practices, with as many as thousands of staff members able to access the sensitive central controls of the platform and a lack of transparency around who has accessed what data and when.

The disclosure also claims the US government provided specific evidence to Twitter shortly before Mr Zatko left the company that at least one of its employees was working for another government’s intelligence service.

However, the whistleblower’s report does not state whether Twitter was already aware of this or if subsequent action was taken.

Mr Zatko said he had attempted to raise the alleged security lapses with Twitter’s board and claims his public whistleblowing comes after those attempts failed.

Additional reporting by Reuters

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in