Twitter Accused of Prioritizing Profits Over Security: What You Need to Know

Twitter’s chaotic year keeps getting worse.

Peiter “Mudge” Zatko, the former head of security at Twitter, has alleged in a whistleblower complaint that he uncovered “extreme, egregious deficiencies” by Twitter surrounding user privacy, security and content moderation.

Zatko, who Twitter fired in January, accuses the company, its executives and board of directors of violating federal law by making “false and misleading” to users and the Federal Trade Commission.

“Mudge spent 14 months pushing for improvements from the inside, and was terminated for his efforts,” the complaint states. Nonprofit law firm Whistleblower Aid is representing Zatko and confirmed to CNET that the complaint is authentic. Zatko filed the 84-page complaint in July to the US Securities and Exchange Commission, Department of Justice and the FTC.

The allegations come at a tumultuous time for Twitter. The influential social media company is in a high-profile legal battle with billionaire Elon Musk after the Tesla and SpaceX leader tried to back out of a $44 billion deal to purchase Twitter. The tech platform sued Musk to complete the deal and a five-day trial is scheduled for October. 

Musk is trying to use the whistleblower disclosure as part of his argument to back out of the deal. His legal team amended Musk’s counterclaims against Twitter, alleging that the company’s alleged misrepresentations about its daily users “were only one component of a broader conspiracy among Twitter executives to deceive the public, its investors, and the government about the dysfunction at the heart of the company,” according to court filing on Thursday.

The amended counterclaims came days after the whistleblower testified before US lawmakers for the first time.

The whistleblower complaint not only raises serious questions about whether Twitter is doing enough to safeguard user privacy and security but could impact whether Musk gets forced to buy the platform.

Here’s what you need to know:

Who is the Twitter whistleblower?

Zatko is a well-known hacker and longtime security expert who worked at DARPA (the research and development agency of the US Department of Defense) and Google before joining Twitter in 2020.

He created software that’s still used today to test the strength of passwords. He’s also been a part of influential hacking groups such as L0pht that testified before Congress in the 1990s on security issues.

Former Twitter CEO Jack Dorsey recruited Zatko to work at the social media company after teenagers hacked the high-profile Twitter accounts of Musk, celebrity Kim Kardashian and even Joe Biden, who at the time was the presumptive Democratic nominee for US president. 

What are the allegations in the complaint?

The complaint is lengthy and includes several allegations against Twitter, including that the company prioritized daily user growth over the platform’s health and integrity.

Executives tried to hide bad news instead of trying to fix problems, possibly because they were rewarded financially for helping Twitter grow daily users, didn’t know better or had help create the “broken systems,” according to the complaint. 

Zatko alleges he uncovered various security and privacy problems at the company and brought it to the attention of executives in 2021. The company appeared to have a high rate of security incidents, some employees had disabled security and software updates on their devices and staff had too much access to user data, the complaint stated.

“Mudge identified there were several exposures and vulnerabilities at the scale of the 2020 incident waiting to be discovered, and reasonably feared Twitter could suffer an Equifax-level hack,” the complaint says. In 2017, credit reporting company Equifax announced a major data breach that impacted 148 million Americans.

Instead, Zatko alleges he didn’t get support to address these issues and received “stiff pushback” particularly from Parag Agrawal who is now Twitter’s CEO. Agrawal was Twitter’s Chief Technology Officer before he got promoted and the complaint notes that “Twitter’s problems had developed under Agrawal’s watch.”

The complaint accuses Twitter of violating an 11-year-old settlement with the FTC by falsely claiming it had a comprehensive security program. Zatko alleges that his findings were worse than Dorsey feared and that the company had never complied with the FTC order and wasn’t on track to do so.

The complaint also alleges Twitter lied to Musk about the number of spam bots on its platform and misled the FTC about fully deleting data of users who leave the service. Zatko also outlines threats to democracy and national security. Some of these threats include the Indian government forcing Twitter to hire government agents and the company becoming more dependent on revenue from Chinese entities, the complaint says.

What is Twitter’s response to the allegations?

Twitter says that Zatko was fired because of “ineffective leadership and poor performance” and the company prioritizes security and privacy. 

“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” Twitter spokeswoman Rebecca Hahn told The Post. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”

Twitter provided CNET with the same statement.

How are US lawmakers and regulators responding?

The complaint is already sparking scrutiny from US lawmakers.

Sen. Richard Blumenthal, a Connecticut Democrat, urged FTC Chair Lina Khan to investigate Twitter.

“These troubling disclosures paint the picture of a company that has consistently and repeatedly prioritized profits over the safety of its users and its responsibility to the public, as Twitter executives appeared to ignore or hinder efforts to address threats to user security and privacy,” Blumenthal wrote in a letter to Khan.

The SEC and FTC declined to comment. The DOJ didn’t respond to a request for comment. 

Zatko testified before a Senate panel on Tuesday, telling US lawmakers that the social media platform prioritized profits over the safety of its users.

“When an influential media platform can be compromised by teenagers, thieves and spies and the company repeatedly creates security problems on their own, this is a big deal for all of us,” he said.

Will the complaint impact whether Musk is forced to buy Twitter?

It’s possible. The complaint mentions that Zatko started to document evidence of fraud at Twitter in January before Musk offered to buy the company.

Twitter Accused of Prioritizing Profits Over Security: What You Need to Know 1

Now playing:
Watch this:

Elon Musk vs. Twitter Bots: How Big Is the Problem?


Musk has accused Twitter of misrepresenting the number of false or spam accounts on its platforms. The complaint alleges that Musk is correct in that Twitter executives have little or no personal incentive to accurately detect or measure spam bots because they feared that it could harm the image and valuation of the company. 

On Aug. 23, Musk tweeted a meme that said “Give a little whistle.”

Musk’s lawyers have tried to use the complaint to push back the trial to a later date, but a Delaware Chancery Court judge overseeing the case denied that request last week. The judge, though, did rule that Musk could amend his counterclaims against Twitter to include the whistleblower disclosures.

Musk’s lawyers have also subpoenaed Zatko and have tried multiple times to use the whistleblower complaint to end the merger agreement. On August 29, his lawyers alleged that the company violated the merger agreement because it didn’t disclose a $7 million June settlement with Zatko or seek Musk’s consent for that action. Twitter shareholders voted on Tuesday to approve the Musk takeover deal and the legal battle is still ongoing. 

Related Posts

Apple-AT&T Identity Thieves Sentenced to 4 Years in Prison

Two men were sentenced to 52 months in prison after pleading guilty to running a scheme where they fraudulently accessed more than 2,000 AT&T mobile accounts that…

Airlines May Finally Have to Refund You if Their Wi-Fi Doesn’t Work

The US Department of Transportation has proposed a new rule that would see flight passengers finally able to get refunds for services they paid for but didn’t…

ExpressVPN’s First VPN Router Aims for Smart Home-Wide Privacy

Virtual private network provider ExpressVPN announced the launch of its first router with a built-in VPN. On Thursday, the British Virgin Islands company said the Wi-Fi 6…

Don’t Miss Out on Windows 11’s 2022 Update. How to Download

The first big upgrade for Microsoft Windows 11 is here. Arriving just a couple weeks before the operating system’s first anniversary, the update enhances Windows 11 security features,…

Make Your iPhone 14 Pro’s Always-On Display Better With This Simple Trick

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice around Apple’s most popular product. Sorry, but I don’t think Apple’s…

How to Fix the Most Annoying iOS 16 Features on Your iPhone

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice around Apple’s most popular product. Apple released iOS 16 for the iPhone only a couple…