A whistleblower claims that Twitter, Inc. (TWTR) has been “in violation of numerous laws and regulations” and has exhibited “extreme, egregious deficiencies” regarding privacy, security, and content moderation. Moreover, the former Twitter executive asserts that the microblogging and social media company has made misrepresentations to Tesla, Inc. (TSLA) CEO Elon Musk, who is engaged in a legal battle to rescind his offer to buy Twitter.
Nonprofit law firm Whistleblower Aid has filed “protected, lawful disclosures” regarding the whistleblower’s assertions with the U.S. Securities and Exchange Commission (SEC), the U.S. Federal Trade Commission (FTC), and the U.S. Department of Justice (DOJ). Musk has made his own claims that Twitter has been sharply undercounting the number of spam and bot accounts on its platform, and the whistleblower’s filings may help to bolster Musk’s case against the company.
- A whistleblower alleges widespread violations, security vulnerabilities, and deceptive practices at Twitter, Inc. (TWTR).
- The whistleblower is Twitter’s former head of security.
- He also alleges that Twitter gave prospective buyer Elon Musk misleading information.
- The latter claim may help Musk in his legal fight to withdraw his offer.
The whistleblower is Peiter “Mudge” Zatko, formerly a member of Twitter’s senior executive team responsible for information security, privacy, physical security, information technology, and global content moderation enforcement, reporting directly to CEO Parag Agrawal. Zatko worked at Twitter from Nov. 16, 2020, until the morning of Jan. 19, 2022, when Agrawal terminated him.
More Allegations and Concerns
In his complaint with the SEC, Zatko alleges that he “witnessed senior executive[s] engaging in deceitful and/or misleading communications affecting Board members, users and shareholders” on various occasions in 2021. He further asserts that CEO Parag Agrawal asked him to provide false and misleading documents.
Among other allegations made by Zatko in his filings with regulators are:
- Twitter executives have misled the company's own board and government regulators about its security vulnerabilities.
- These vulnerabilities can facilitate foreign spying, manipulation, hacking, and disinformation campaigns.
- Twitter does not reliably delete users’ data after they cancel their accounts, and it has misled regulators about whether it deletes the data as it is required to do.
In his final report for Twitter after he was fired, Zatko warned that:
- The company experiences a “volume and frequency of security incidents impacting a large number of users’ data that is frankly stunning.”
- More than half of its 500,000 servers were running out-of-date software.
- More than a quarter of employee computers have disabled software updates that can provide important security patches.
- The company grants unduly broad access to the platform’s production environment.
However, Zatko gives limited hard evidence in his complaint regarding spam and bots, a key concern for Elon Musk, as noted above. As a result, the potential impact of those allegations is difficult to assess at this point.