A former head of security at Twitter alleged that the company misled regulators about its poor cybersecurity defenses and its negligence in attempting to root out fake accounts that spread disinformation, according to a whistleblower complaint filed with U.S. officials.
The revelation could create serious legal and financial problems for the social media platform, which is currently attempting to force Tesla CEO Elon Musk to consummate his $44 billion offer to buy the company. Several members of Congress on Tuesday called on regulators to investigate the claims.
Peiter Zatko, Twitter’s security chief until he was fired early this year, filed the complaints last month with the U.S. Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice. The legal nonprofit Whistleblower Aid, which is working with Zatko, confirmed the authenticity of a redacted copy of the complaint posted online by the Washington Post.
“This was a last resort for him,” said John Tye, the group’s co-founder and chief disclosure officer, in an interview Tuesday. He said Zatko exhausted all attempts to get his concerns resolved inside the company before his firing in January.
Among Zatko’s most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users. Zatko also accuses the company of deceptions involving its handling of “spam” or fake accounts, an allegation that is at the core of Musk’s attempt to back out of the Twitter takeover.
Shares of Twitter Inc. had fallen more than 6% at one point Tuesday.
Better known by his hacker handle “Mudge,” Zatko is a highly respected cybersecurity expert who first gained prominence in the 1990s and later worked in senior positions at the Pentagon’s Defense Advanced Research Agency and Google.
He joined Twitter at the urging of then-CEO Jack Dorsey in 2020, the same year the company suffered a security breach involving hackers who broke into the Twitter accounts of world leaders, celebrities and tech moguls, including Musk, in an attempt to scam their followers out of bitcoin.
Twitter said Tuesday that Zatko was fired for “ineffective leadership and poor performance,” adding the “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.” The company called his complaint “a false narrative.”
Zatko’s attorneys, Debra Katz and Alexis Ronickher, said Twitter’s claim about his poor performance is false and that he repeatedly raised concerns about “grossly inadequate information security systems” with top executives and Twitter’s board of directors.
