An anonymous reader quotes a report from CNN: Twitter has major security issues that pose threats to its own users’ personal information, the company’s shareholders, national security and democracy, according to an explosive whistleblower disclosure obtained exclusively by CNN and the Washington Post. The disclosure, sent to Congress and federal agencies last month, paints a picture of a chaotic and uncaring environment at a poorly run company grants access to the platform’s core controls and most sensitive information to many of its employees without proper oversight. It also alleges that some of the company’s top executives have attempted to cover up Twitter’s serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence agency.
The whistleblower who has agreed to be publicly identified is Peiter “Mudge” Zatko, who was previously the company’s head of security and reported directly to the CEO. Zatko further alleges that Twitter’s leadership has misled its own board of directors and government regulators about its security vulnerabilities, including some that could allegedly open the floodgates to foreign espionage or manipulation, hacking, and disinformation campaigns. The whistleblower also alleges that Twitter does not reliably delete users’ data after they terminate their accounts, in some cases because the company has lost track of the information and that it has misled regulators as to whether it deletes the data as required. The whistleblower also says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and weren’t motivated to do so. Bots have recently become a central part of Elon Musk’s attempts to back out of a $44 billion deal to buy the company (although Twitter denies Musk’s claims).
Zatko was fired by Twitter in January for allegedly poor performance. According to Zatko, his public whistleblowing comes after he tried to report the vulnerabilities to Twitter’s board of directors and help Twitter fix years of technical flaws and alleged non-compliance with a previous privacy agreement with the Federal Trade Commission. Zatko is represented by Whistleblower Aid, the same group that represented Facebook whistleblower Frances Haugen. John Tye, founder of Whistleblower Aid and Zatko’s attorney, told CNN that Zatko had no contact with Musk and said Zatko started the whistleblower process before there was any evidence of Musk’s involvement in Twitter. After this article was originally published, Alex Spiro, an attorney for Musk, told CNN, “We already issued a subpoena for Mr. Zatko, and we found his departure and that of other key employees to be odd given what we found .” “Mr. Zatko was fired from his senior position at Twitter in January 2022 due to ineffective leadership and poor performance,” the Twitter spokesperson said. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices, riddled with inconsistencies and inaccuracies, and lacking important context.Mr. Zatko’s allegations and his opportunistic timing appear designed to attract attention and harm Twitter, its customers and its shareholders.Security and privacy have long been company-wide at Twitter priorities and will continue to be be.”
Zatko also alleges that the Indian government has forced Twitter to payroll a government agent who gives them access to sensitive user data. “Twitter is involved in a legal challenge against the Indian government after asking a local court in July to overturn some government orders removing content from the social media platform and alleged abuses of power by officials,” Reuters added.