The former head of security at Twitter has accused the company of “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy,” according to a whistleblower complaint filed with the SEC, Federal Trade Commission and the Justice Department.
Peiter “Mudge” Zatko, a well-known hacker, was hired by Twitter in late 2020, following a very public security breach when the accounts of several well-known users, including Joe Biden, were compromised. He was let go from the social media company less than two years later.
His complaint, which was first reported by The Washington Post and CNN, was filed after attempts to inform the Twitter board of the security lapses were ignored.
Zatko claims in the complaint that Twitter chief executive Parag Agrawal and other executives and directors were guilty of “extensive legal violations,” including making misleading statements to its users, and acting with “negligence and even complicity” when foreign governments attempted to infiltrate the platform.
The former employee also claimed that thousands of employee laptops contained complete copies of Twitter’s source code, and one-third of those devices were blocking automatic security fixes, had firewalls turned off and had remote access enabled for non-approved purposes.
“In 2020 alone, Twitter had more than 40 security incidents, 70% of which were access control-related,” the SEC complaint reads. “These included 20 incidents defined as breaches; all but two of which were access control related.”
Twitter denied the claims, and released a statement saying Zatko was fired for ineffective leadership and poor performance. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” a spokesperson said. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been companywide priorities at Twitter and will continue to be.”
The allegations are poorly-timed for Twitter, which is currently fighting out a legal battle with Elon Musk, who is attempting to walk away from a $44 billion agreement to buy the company.