Former security chief: Twitter has extreme security flaws
San Francisco, 8/23/2022
Twitter’s former security chief accused the platform of having extreme cybersecurity and anti-spam deficiencies and misleading regulators about those and other measures.
Peiter “Mudge” Zatko recently filed a whistleblower complaint with the Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission (FTC) accusing the company of “extreme, egregious deficiencies” in security, privacy, and content moderation.
In the July 6 complaint, Zatko accuses Twitter of violating the terms of an agreement with the FTC to settle a privacy dispute.
Under that agreement, Twitter had agreed to security safeguards.
However, Zatko alleges that Twitter failed to implement even basic security controls, that it has vulnerabilities that threaten national security, and that executives have tried to cover them up.
He further alleges that thousands of employees have copies of Twitter’s source code and that many Twitter servers continue to run vulnerable software.
In his response, Twitter CEO Parag Agrawal called Zatko’s claims “a false narrative” with “inconsistencies and inaccuracies.” He again pointed out that Twitter fired Zatko this year for “ineffective leadership and poor performance.”
Two U.S. lawmakers, Democratic Rep. Frank Pallone Jr. and Republican Rep. Cathy McMorris Rodgers, said they are “reviewing next steps” following Zatko’s allegations.
Meanwhile, Elon Musk’s legal team has subpoenaed Zatko and former Twitter CEO Jack Dorsey ahead of a trial date set for October in Twitter’s lawsuit against Musk. Zatko’s allegations could help Musk in that lawsuit.