Ex-employee accuses Twitter of “egregious” security lapses

Twitter knows about its numerous security failings, but won't address them, a former employee-turned-whistleblower says

A sign attached to Twitter’s global headquarters is viewed from a sidewalk on Market Street in San Francisco, California. June 18, 2014. (Photo: Matthew Keys/The Desk/Creative Commons)

The former head of security at social media website Twitter says the microblogging service has “extreme, egregious deficiencies” in its security practices, the likes of which would shock celebrities, politicians and the news media if they ever came to light.

The allegation was lodged earlier this year by Peiter “Mudge” Zatko, who was hired by Twitter two years ago after a massive cybersecurity incident that saw the verified accounts of around 130 users hijacked for about a day. He was fired earlier this year after the company said he did not perform according to expectations.

In a whistleblower complaint, Zatko said Twitter’s former chief technology officer and current CEO Parag Agrawal encouraged him not to disclose serious security lapses in full to the company’s board of directors. He also said he was ordered to present misleading data that painted a false view of progress on some of Twitter’s better-known security issues.

On Tuesday, CNN said Zatko lodged several complaints internally during his time at Twitter, but that they were ultimately found to be not credible. A spokesperson for the social media company told the news network that Zatko is perpetuating “a false narrative about Twitter and our privacy and data security practices,” but offered no specifics.

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” a Twitter spokesperson said this week. “Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

The complaint comes as Twitter is engaged in a lengthy war with tech mogul Elon Musk, who agreed to purchase the social media company earlier this year for $44 billion. Last month, Musk sought to end the takeover deal amid questions about the number of robots masquerading as active users on the service, among other issues. Twitter is suing Musk in court in an attempt to force him to move forward with the purchase.

On Tuesday, a lawyer who represents Musk said his legal team has already served a subpoena on Zatko and was curious to hear what the security researcher had to say.

“We found his exit and that of other key employees curious in light of what we have been finding,” the attorney, Alex Spiro, told CNN.

About the Author:

Matthew Keys

Matthew Keys is an award-winning journalist with more than 10 years of experience covering the business of television and radio broadcasting, streaming services and the overall media industry. In addition to his work as publisher of The Desk, Matthew contributes regularly to StreamTV Insider and KnowTechie, and has worked for several well-known news organizations, including Thomson Reuters, McNaughton Newspapers, Grasswire, Comstock's magazine, KTXL-TV and KGO-TV. Matthew is a member of IRE, a trade organization for investigative reporters and editors, and is based in Northern California.
