Twitter's last security chief blasts service over 'grossly negligent' security

Peiter Zatko, Twitter's former head of security, is lighting the social media service on fire with claims that not only did the company deceive regulators, but it is putting its users in danger with lackluster security.

Filed in July with the Securities and Exchange Commission, Department of Justice, and the FTC, the complaint accuses Twitter of having "extreme, egregious deficiencies" when it comes to security.

According to Zatko, in the filing seen by the Washington Post, Twitter is failing to live up to a 2011 settlement with the FTC in which it claimed to have a solid security plan in place. That plan included implementing various security safeguards to protect users, but Zatko believes Twitter failed on this point.

Among the alleged failures, Zatko says he warned colleagues that half the servers run by the company were on out-of-date and vulnerable software. He also claims that executives withheld information about breaches and the lack of user data protection from directors, instead presenting charts covering less important changes.

Thousands of employees also still have access to core software, and that access is poorly tracked. That situation led to years of hacks of high-profile accounts, such as those of Elon Musk and former U.S. presidents, via the social engineering of employees.

"Twitter is grossly negligent in several areas of information security," said Zatko. "If these problems are not corrected, regulators, media, and users of the platform will be shocked when they inevitably learn about Twitter's severe lack of security basics."

Zatko hopes his whistleblowing will introduce more scrutiny and accountability, forcing the company to improve itself.

"I still believe that this is a tremendous platform, and there is huge value and huge risk," he concludes. "I hope that looking back at this, the world will be a better place, in part because of this."

There is also a claim that Twitter prioritized user growth over the culling of spam, with bonuses linked to increases in the number of daily active users. However, there weren't bonuses or incentives for reducing spam.

The ex-security chief also had trouble determining the number of bots on the service: ad-related bot counting has only happened since 2019, and the figure was oddly and continually estimated to be less than 5%.

A source within Twitter told Zatko that the company was not keen to work out the real number of bots due to the potential harm to the "image and valuation of the company." Such a complaint could play into legal proceedings between Twitter and Elon Musk over a failed $44 billion purchase.

After announcing an intent to purchase in April, Musk halted the deal while user metrics and spam accounts were checked by his team. Musk then threatened to walk away, accusing Twitter of being unable to prove its sub-5% fake user account claim.

Musk filed to exit the deal in July, prompting Twitter to sue. Twitter and Musk's legal teams will be meeting in court in October over the affair.
8 Comments

foregoneconclusion 12 Years · 2857 comments

Not sure how this would have any impact per Musk backing out of the Twitter deal. Bots are a side issue versus the security complaint and Zatko doesn't appear to have much to offer on bots beyond hearsay from a Twitter employee that didn't know anything more than a generalized claim of management attitudes.

foregoneconclusion 12 Years · 2857 comments

JP234 said: Couple related things I know. The Musk buyout will never happen now. Twitter will be the subject of a new House or Senate committee hearing, and probably an investigation by the SEC or FTC. Twitter stock is already reacting as you'd expect this morning.

It's up to the Court of Chancery in Delaware. Musk complained about bot counts and Zatko doesn't really have anything of value to offer there. Musk may have some investigations to worry about himself...

https://www.currentaffairs.org/2022/01/exposing-the-fraudulence-of-elon-musk-and-tesla

ericthehalfbee 13 Years · 4489 comments

The timing of this is suspicious. No doubt Musk is involved, as per his usual “try Twitter in the court of public opinion”. Mainly because he’s going to lose his case spectacularly and will lose billions by backing out.

baconstang 10 Years · 1160 comments

In THAT case, I'll continue to not use Twitter...

Paul_B 2 Years · 82 comments

Twitter is a McNugget, always has been, always will be, it's not a technology company.