Twitter whistleblower alleges security lapses at social media firm

San Francisco, California - Twitter has substantial security problems that place personal user data and potentially national security at risk, according to a former company executive turned whistleblower.

Twitter's former head of security has claimed that the company's senior executives have been trying to cover up serious security vulnerabilities (stock images).
Twitter's former head of security has claimed that the company's senior executives have been trying to cover up serious security vulnerabilities (stock images).  © Collage: 123RF/mshmeljov & 123RF/piter2121

According to a disclosure sent to the US Congress and federal agencies last month and obtained by CNN and the Washington Post, Twitter’s former head of security claims the company allows too many people to access the platform’s central controls and some sensitive information.

Peiter "Mudge" Zatko, who was fired by Twitter in January, has claimed some of the company’s senior executives have been trying to cover up serious security vulnerabilities and that one or more current employees may be working for a foreign intelligence service.

According to reports, Zatko’s disclosure alleges that Twitter executives have misled its own board and US regulators about security vulnerabilities, and that the platform could be susceptible to foreign interference or spying and hacking.

His claims include allegations of poor basic security practices, with as many as thousands of staff members able to access the sensitive central controls of the platform and a lack of transparency around who has accessed what data and when.

Twitter whistleblower raises concerns over fake accounts

Zatko's lawyer said he started the whistleblowing process before any news of Elon Musk's possible Twitter takeover.
Zatko's lawyer said he started the whistleblowing process before any news of Elon Musk's possible Twitter takeover.  © REUTERS

In addition, it has been reported the disclosure claims that Twitter does not have the ability to fully calculate the true number of bot or fake accounts on the platform – an issue which has become central to billionaire Elon Musk’s protracted and now stalled takeover which is currently heading for trial in the US in October, with Twitter looking to force through the $44-billion deal.

Zatko’s lawyer told CNN that the whistleblower had not been in contact with Musk and that Zatko had started the whistleblowing process before there was any awareness of Musk’s attempts to buy the platform.

The disclosure also claims the US government provided specific evidence to Twitter shortly before Zatko left the company that at least one of its employees was working for another government’s intelligence service.

However, the whistleblower’s report does not state whether Twitter was already aware of this or if subsequent action was taken.

Twitter responds to the allegations

Zatko said he had attempted to raise the alleged security lapses with Twitter’s board and claims his public whistleblowing comes after those attempts failed.

In response, Twitter disputed Zatko’s account of the company’s practices.

"Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance," a Twitter spokesperson said.

"What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context."

"Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be."

Cover photo: Collage: 123RF/mshmeljov & 123RF/piter2121

More on Twitter / X News: