After Twitter’s former security officer, Peiter “Mudge” Zatko, complained about the lax security practices the company was following, Senate and Congressional committee leaders from both sides said they were looking into the matter.
Zatko revealed how Twitter rewards those who increase user growth but not those who reduce bot spam. Further, he said half of Twitter’s infrastructure is outdated and that the company violated the terms it promised to the FTC in a past privacy settlement.
Weak Security and Terms Violations
Aside from the legal battle with Elon Musk over its acquisition deal, Twitter is in fresh turmoil over a whistleblower complaint. The company’s former security officer, Peiter “Mudge” Zatko, has filed a complaint with the SEC, FTC, and the Department of Justice regarding various issues at Twitter.
He accused the platform of weak security practices, such as half of its systems running on outdated software and many people within the company having wide-ranging internal access to core company software.
This could be harmful, as a hacker taking over any of those employees’ accounts can lead to severe consequences, as we saw in 2020, when many high-profile accounts were hijacked for a cryptocurrency scam.
He further accused the company of rewarding the people who worked for user growth over those reducing spam, and of violating the terms it made with the FTC in the past. Twitter was sued by the FTC over weak practices in protecting users’ data in 2011, which it settled by promising new policies to safeguard that data.
The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence raise serious concerns. https://t.co/9QQtlDSogr
— Senator Dick Durbin (@SenatorDurbin) August 23, 2022
Feeling “ethically bound” as a member of the cybersecurity community, Zatko filed a complaint against Twitter with the SEC, DoJ, and FTC, which has led Senate and Congress leaders from both sides to look into it.
The offices of Durbin and the committee’s ranking member Chuck Grassley said they’ve already held talks with Zatko, with the Intelligence Committee saying it’s planning a meeting with the whistleblower soon.
Rejecting all these allegations and calling them “riddled with inaccuracies”, Twitter spokesperson Rebecca Hahn said:
“Security and privacy have long been top company-wide priorities at Twitter.” The company fired Zatko “for poor performance and leadership,” and his complaints now “appear to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders”.