According to a whistleblower complaint, Twitter is allegedly trying to hide serious security issues.

Peiter “Mudge” Zatko, a well-known hacker who served as Twitter’s head of security before being let go six months ago, filed the lawsuit. CNN and The Washington Post both received whistleblower disclosures that Zatko provided to Congress and federal agencies last month.

Zatko was first hired in 2020 to improve security at the social media corporation, including how to block false material from spreading on the site. He discovered that Twitter gives some 5,000 workers access to private control systems and user information with essentially no oversight.

Twitter experienced more than 40 security-related events in 2020 alone, 70% of which were access control-related. These included 20 breaches, all but two of which, according to the complaint, involved access control.

Additionally, Zatko learned of numerous incidents that seemed to indicate Twitter had been compromised by foreign intelligence agencies and/or was involved in threats against democratic governance. This includes the purported hiring by Twitter of a suspected agent of the Indian government, who subsequently gained access to the platform’s internal data.

Zatko alleges he attempted to fix Twitter’s security issues but ran into pushback from the company’s new CEO, Parag Agrawal, who succeeded Jack Dorsey last November. The complaint claims that Agrawal gave Zatko instructions to provide incorrect and misleading information regarding Twitter’s security vulnerabilities to a board committee.

The actions amounted to repeated legal violations by Twitter, which misled customers, the FTC, and the Securities and Exchange Commission. The complaint also states that Twitter “did not choose to focus on the long-term sustainability of the platform and company in any of these circumstances.” This may have happened because the executives were motivated by personal financial gain to increase mDAU/active users, or because they were ignorant of the problem, or because some of them were responsible for creating the flawed system in the first place.

Elon Musk may use the whistleblower complaint as leverage in his legal struggle to scuttle his agreement to purchase Twitter on the grounds that the business deceived him about the volume of spam and phony accounts on the platform. According to Zatko, Twitter executives are not motivated to accurately count or disclose the entire number of spam bots using the service.


According to the whistleblower lawsuit, Mudge discovered that willful ignorance was the norm within the executive leadership team. As a new executive in early 2021, Mudge enquired about the underlying spam bot statistics from the Head of Site Integrity, who was in charge of tackling platform manipulation, such as spam and botnets. They said, “We don’t really know.”

Twitter responded to Zatko’s accusations in a statement. According to Twitter, Mr. Zatko was let go from his senior executive position in January 2022 due to poor performance and weak leadership. What we have seen thus far is a misleading narrative that is devoid of crucial context, rife with contradictions and falsehoods, about Twitter and our privacy and data security standards.

According to Twitter, Mr. Zatko’s accusations and timing seem to be intended to get attention and hurt the company’s reputation, users, and shareholders. At Twitter, security and privacy have always been top priorities and will always be.
