Twitter seems to be going through a rough patch, as its previous alleged misdeeds are slipping out into the open. The ex-head of security for Twitter, Peiter "Mudge" Zatko, recently disclosed the degree of cybersecurity negligence that has allegedly been present at Twitter for years now.
Zatko has made the revelations to CNN and The Washington Post. Allegedly, the company deceived regulators and even its own board of directors about “extreme, egregious deficiencies” in its cybersecurity, leading to potential risk not only to individual security but also to the national security of the U.S. This revelation potentially gives Elon Musk a leg to stand on as the company is set to take him to trial over his offer to buy Twitter, which he later pulled.
Zatko says Twitter mishandles user data, and lacks the security measures to protect it
The 200-page disclosure was submitted by Zatko to multiple US government agencies last month. The former head of security claims that he was fired from Twitter for raising an alarm about the company's data policies and lack of security.
It's no secret that Twitter has a hacking problem, especially considering the 2020 hack that compromised some major accounts to push a Bitcoin scam. Zatko claims these kinds of hacks occurred due to thousands of employees having access to core software with poor tracking. Twitter had called this hack a result of a social engineering attack against some of its employees with access to internal systems, which seems to line up with Zatko's claim.
Zatko also claims the company cares more about user growth than battling spam, with bonuses of up to $10 million tied to increases in daily users made available to executives. Spam reduction allegedly had poor incentivization, on the other hand. This bit may be crucial to Elon Musk's defense, as he pulled out of his offer to buy Twitter, citing poor disclosure of spam and bot accounts from Twitter.
Twitter's official statement maintains that Zatko was let go for "ineffective leadership and poor performance," but it may be worth noting that Zatko has a solid track record in his field. He's held senior roles at Google, Stripe, and the US Department of Defense and was also allegedly offered a senior, day-one cyber role in the Biden administration.
Twitter allegedly investigated Zatko's claims during his time there and found them to be without merit. The Washington Post says that the FTC is reviewing the allegations.
