By Matthew Kaufman
International Assistant Editor
Twitter’s former head of security recently filed a whistleblower complaint against the company, alleging that it misled shareholders and the public about its security practices. The complaint comes as Twitter engages in a legal battle with Elon Musk over his desire to get out of purchasing the company.
In the 84-page complaint, filed with the Securities and Exchange Commission, Federal Trade Commission and the Department of Justice, the former security chief, Peter Zatko, claims Twitter suffered from “extreme, egregious, deficiencies” in its digital defenses and efforts to stop spam, according to the Washington Post.
For example, the document claims that reducing spam on the platform took a backseat to growing the user base, with executives who brought increases in daily users standing to win bonuses of up to $10 million dollars, but cutting spam was not incentivized. Zatko also wrote that, internally, Twitter could not identify how many spam or bot accounts existed on the network, as this “would harm the image and valuation of the company.”
Regarding security, the complaint reports that almost a third of company laptops blocked automatic security updates and that thousands of computers contained the site’s source code, providing an easily accessible way for attackers to gain access to and disrupt the site, according to the Post.
Another aspect of Twitter’s practices that Zatko takes issue with is that many employees have access to sensitive data and areas. This sweeping access is “unheard of in a company the age and importance of Twitter, where nearly all employees have access to systems or data they should not,” Zatko wrote in the filing, according to CNBC.
Zatko joined Twitter in 2020 after a hacker group penetrated the site’s defenses and tweeted from influential accounts including those of Joe Biden, Barack Obama and Bill Gates. He was fired in January 2022 after raising his concerns with company leadership, according to the complaint.
“Mr. Zatko was fired from Twitter more than six months ago for poor performance and leadership, and he now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders,” Rebecca Hahn, Twitter’s global vice president of communications, told the Post, calling the accusations “riddled with inaccuracies.”
The complaint is another controversy for Twitter, as for months it has been engaged in a back-and-forth with billionaire Elon Musk, who is trying to back out of his $44 billion agreement to buy the company.
Musk wants out of the deal because of his belief that Twitter has underreported the prevalence of spam and bot accounts on the platform. Twitter says such accounts make up 5% or less of total users.
According to Barron’s, Musk’s legal team will make the case that Zatko’s complaint be added to his lawsuit seeking termination of the deal.
“We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding,” Alex Spiro, a lawyer for Musk said in an earlier statement to CNBC.
For Zatko, becoming a whistleblower was the best way he felt he could improve the company.
“This would never be my first step, but I believe I am still fulfilling my obligation to Jack [Dorsey, Twitter CEO] and to users of the platform,” he told the Post. “I want to finish the job Jack brought me in for, which is to improve the place.”
