Twitter security challenged by ex-employee turned whistleblower


A former Twitter employee has denounced the company’s many cybersecurity shortcomings. Put in charge of correcting these problems, Peiter Zatko threw in the towel before becoming a whistleblower.

This comes at a very bad time for Twitter. While the platform is already contending with Elon Musk’s accusations in the context of the trial against the South African billionaire, another controversy is shaking the social network. Peiter Zatko, the site’s former cybersecurity manager, accuses the company of very serious failings in protecting user data and even claims that the firm knowingly concealed certain data leaks from the authorities.

Hired in 2020, Peiter Zatko (nicknamed Mudge) was a prize catch for Twitter. The 51-year-old earned a solid reputation in the cybersecurity community through his involvement with the hacker group L0pht Heavy Industries in the 1990s and his time at the US Department of Defense and at Google. On the strength of this CV, Twitter hired him to correct the many security problems the platform was experiencing. Except that, according to the ex-employee, who was fired in January 2022, Twitter never really gave itself the means to do things properly.

Twitter allegedly lied to the authorities

In a letter addressed to the US financial markets regulator, to which The Washington Post had access, the whistleblower denounces “gross and egregious breaches by Twitter in all areas of its work, including user privacy, digital and physical site security, platform integrity, and content moderation”. Suffice to say that this is a bombshell for the social network, which has long been watched closely by the authorities for exactly this kind of problem.

Twitter’s relationship with the authorities is also one of the main problems that Mudge highlights in his testimony. The company is said to have made “false and misleading” statements to the authorities and to users of the platform for more than 10 years, even though an agreement signed in 2010 with the FTC (which protects consumers’ rights) obliged Twitter to make efforts on security. Among other breaches, Peiter Zatko claims that an Indian government official was hired by Twitter to offer the government sensitive data about the site and its users.

Twitter’s cybersecurity failings don’t end there. According to Mudge, the company’s internal organization is so chaotic that more than half of Twitter’s employees have access to the critical layers of the system and to users’ personal information. Others carried the site’s full source code on laptops that had automatic updates disabled. These serious shortcomings sometimes prevent Twitter from honoring its users’ data deletion requests, because the files are scattered across multiple servers and very poorly labelled.

The risk of a hefty fine

Finally, Peiter Zatko also accuses Twitter of lying about the number of bots present on its platform, in order to artificially boost the site’s growth and enrich shareholders. This last point is likely to hurt a lot in the context of the trial against Elon Musk, since it is precisely what the richest man in the world criticizes the social network for. Reacting to the story, a Twitter spokesperson says Mudge’s accusations are “riddled with inconsistencies and inaccuracies” and that they “lack context. […] Mr. Zatko’s accusations and the timing of them appear to be aimed at gaining attention and hurting Twitter,” says the company.

Be that as it may, the alarm sounded by Peiter Zatko has drawn the attention of the US Congress, which will look into the subject. If it turns out that Twitter did indeed lie to the authorities about securing its platform, the company could be hit with a hefty fine. Not to mention the degraded public perception, which will undoubtedly play a role in the trial between it and Elon Musk.
