Ex-employee accuses Twitter of “egregious” security lapses

Twitter knows about its numerous security failings, but won't address them, a former employee-turned-whistleblower says

A sign attached to Twitter’s global headquarters is viewed from a sidewalk on Market Street in San Francisco, California. June 18, 2014. (Photo: Matthew Keys/The Desk/Creative Commons)

The former head of security at social media website Twitter says the microblogging service has “extreme, egregious deficiencies” in its security practices, the likes of which would shock celebrities, politicians and the news media if they ever came to light.

The allegation was lodged earlier this year by Peiter “Mudge” Zatko, who was hired by Twitter two years ago after a massive cybersecurity incident that saw the verified accounts of around 130 users hijacked for about a day. He was fired earlier this year after the company said he did not perform according to expectations.

In a whistleblower complaint, Zatko said Twitter’s former chief technology officer and current CEO Parag Agrawal encouraged him not to disclose serious security lapses in full to the company’s board of directors. He also said he was ordered to present misleading data that painted a false view of progress on some of Twitter’s better-known security issues.

On Tuesday, CNN said Zatko lodged several complaints internally during his time at Twitter, but that they were ultimately found to be not credible. A spokesperson for the social media company told the news network that Zatko is perpetuating “a false narrative about Twitter and our privacy and data security practices,” but offered no specifics.

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” a Twitter spokesperson said this week. “Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

The complaint comes as Twitter is engaged in a lengthy war with tech mogul Elon Musk, who agreed to purchase the social media company earlier this year for $44 billion. Last month, Musk sought to end the takeover deal amid questions about the number of robots masquerading as active users on the service, among other issues. Twitter is suing Musk in court in an attempt to force him to move forward with the purchase.

On Tuesday, a lawyer who represents Musk said his legal team has already served a subpoena on Zatko and was curious to hear what the security researcher had to say.

“We found his exit and that of other key employees curious in light of what we have been finding,” the attorney, Alex Spiro, told CNN.

About the Author:

Matthew Keys

Matthew Keys is the publisher of The Desk and reports on the business and policy matters involving the broadcast television, streaming video and radio industries. He previously worked for Thomson Reuters, Disney-ABC, Tribune Broadcasting and McNaughton Newspapers. Matthew is based in Northern California, has won numerous awards in the field of journalism, and is a member of IRE (Investigative Reporters and Editors).