Date: 2022-08-24

Twitter has security problems, according to a whistleblower.

“Extreme Egregious Deficiencies”

The whistleblower, Peiter “Mudge” Zatko, is a former head of security at Twitter. He reported directly to the CEO. Zatko said that the platform has major security holes that pose a threat to its users, shareholders, national security, and democracy.

According to the Washington Post, the disclosure was sent to Congress and federal agencies. It paints a picture of a chaotic, mismanaged company that enables staff to access sensitive information without proper oversight.

Zatko also claims that some of the company’s senior executives tried to cover up its serious flaws. He added that one or more employees may be collaborating with a foreign intelligence service.

He also accused Twitter of violating the terms of an 11-year-old settlement with the FTC by claiming it had a robust security policy when it had none.

He warned his colleagues that half of the company’s servers were outdated and running vulnerable software. But executives concealed the facts about the breaches and the lack of protection for its user data. Instead, they presented excellent charts to the directors with trivial data.

He filed this complaint with the SEC and FTC. He says that thousands of Twitter employees had internal access to Twitter’s core software. This had been an issue for many years and had led to hacking.

User Growth Over Spam Reduction

The whistleblower also stated that spam reduction wasn’t the company’s focus. Instead, it prioritized user growth.

But unwanted content only worsens the user experience. He also said that the current CEO, Parag Agrawal, lied when he tweeted that Twitter was “strongly incentivized to detect and remove as much spam as we possibly can.”

Exposing Flaws

Zatko decided to go public as an extension of his past work exposing vulnerabilities in software and broader systems in cybersecurity. Twitter co-founder Jack Dorsey hired him in late 2020 after the company experienced a major hack.

Under the SEC’s whistleblower rules, he is legally protected against retaliation and could receive monetary rewards.

A Twitter spokeswoman denied the allegations. She said that Zatko’s complaint appeared to be inaccurate. She also described Zatko’s allegations as an opportunity for him to foist harm on Twitter’s customers and shareholders.

Zatko was fired because of his poor performance and leadership.

Since 2020, Twitter has changed its security and tightened it extensively. Its security practices are now within industry standards. It also implemented specific rules regarding people accessing Twitter’s systems.

The spokeswoman also said that the platform had removed more than 300 million spam and bots yearly. The company fully stands by its SEC filings and implements a serious security approach to fight spam.

But this month, a former Twitter employee was convicted of taking advantage of his position at the company to track Saudi dissidents. He passed their data to a close ally of Crown Prince Mohammed bin Salman in exchange for gifts and cash.

Many government leaders still use Twitter to spread messages quickly. That suggests the platform still holds tremendous value. But it needs to strengthen its security.

