Ex-employee accuses Twitter of “egregious” security lapses

A sign attached to Twitter’s global headquarters is viewed from a sidewalk on Market Street in San Francisco, California. June 18, 2014. (Photo: Matthew Keys/The Desk/Creative Commons)

The former head of security at social media website Twitter says the microblogging service has “extreme, egregious deficiencies” in its security practices, the likes of which would shock celebrities, politicians and the news media if they ever came to light.

The allegation was lodged earlier this year by Peiter “Mudge” Zatko, who was hired by Twitter two years ago after a massive cybersecurity incident that saw the verified accounts of around 130 users hijacked for about a day. He was fired earlier this year after the company said he did not perform according to expectations.



In a whistleblower complaint, Zatko said Twitter’s former chief technology officer and current CEO Parag Agrawal encouraged him not to disclose serious security lapses in full to the company’s board of directors. He also said he was ordered to present misleading data that painted a false view of progress on some of Twitter’s better-known security issues.

On Tuesday, CNN said Zatko lodged several complaints internally during his time at Twitter, but that they were ultimately found to be not credible. A spokesperson for the social media company told the news network that Zatko is perpetuating “a false narrative about Twitter and our privacy and data security practices,” but offered no specifics.



“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” a Twitter spokesperson said this week. “Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

The complaint comes as Twitter is engaged in a lengthy war with tech mogul Elon Musk, who agreed to purchase the social media company earlier this year for $44 billion. Last month, Musk sought to end the takeover deal amid questions about the number of robots masquerading as active users on the service, among other issues. Twitter is suing Musk in court in an attempt to force him to move forward with the purchase.



On Tuesday, a lawyer who represents Musk said his legal team has already served a subpoena on Zatko and was curious to hear what the security researcher had to say.

“We found his exit and that of other key employees curious in light of what we have been finding,” the attorney, Alex Spiro, told CNN.

About the Author:

Matthew Keys

Matthew Keys is a nationally-recognized, award-winning journalist who has covered the business of media, technology, radio and television for more than 11 years. He is the publisher of The Desk and contributes to Know Techie, Digital Content Next and StreamTV Insider. He previously worked for Thomson Reuters, the Walt Disney Company, McNaughton Newspapers and Tribune Broadcasting.