Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
A recently surfaced 84-page whistleblower report, filed with the US government last month by Twitter’s former head of security Peiter “Mudge” Zatko, blasts his former employer for allegedly shoddy security practices and for being out of compliance with an FTC order to protect user data.
Twitter has responded alleging that Zatko is a “disgruntled employee” who was fired for poor performance and leadership. In a letter to employees Twitter’s CEO Parag Agrawal asserts that Zatko’s claims are a “false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.”
Here is an abbreviated overview of the allegations and Twitter’s reaction.
Zatko, a respected white-hat hacker who served as Twitter’s head of security for roughly 15 months between 2020 and 2022, accused Twitter of a litany of poor security and privacy practices that together constituted a national security risk.
Top accusations include:
The thrust of Twitter’s response to Zatko is that he is a disgruntled employee who was bad at his job and is scapegoating Twitter for his own failures. The company points out that it has addressed, and continues to aggressively address, many of the IT security issues Zatko raised.
An alleged response by Twitter’s CEO Parag Agrawal sent internally to Twitter employees was posted online.
NEW: First time Twitter CEO @paraga weighs in on whistleblower story.
Sending this message to staff this morning.
— Donie O'Sullivan (@donie) August 23, 2022

Meanwhile top Democrats and Republicans in Congress have reacted by promising to investigate the claims. Sen. Richard Durbin (D-IL), chair of the Senate Judiciary Committee, confirmed he was investigating the whistleblower disclosure.
The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence raise serious concerns.
— Senator Dick Durbin (@SenatorDurbin) August 23, 2022
