Twitter whistleblower says company misled regulators on security issues
Twitter Inc misled federal regulators about its defenses against hackers and spam accounts, the social media company’s former security chief Peiter Zatko said in a whistleblower complaint.
In an 84-page complaint, Zatko, a famed hacker widely known as “Mudge,” alleged Twitter falsely claimed it had a solid security plan, according to documents relayed by congressional investigators. Twitter’s shares fell 7.3% to close at $39.865%.
The document alleges Twitter prioritized user growth over reducing spam, with executives eligible to win individual bonuses of as much as $10 million tied to increases in daily users, and nothing explicitly for cutting spam.
Twitter labeled the complaint a “false narrative.” The social media company has been battling Elon Musk in court after the world’s richest person attempted to pull out of a $44-billion deal to buy Twitter. Musk said it failed to provide details about the prevalence of bot and spam accounts.
Tesla Inc Chief Executive Musk had offered to buy Twitter for $54.20 per share, saying he believed it could be a global platform for free speech.
Twitter and Musk have sued each other, with Twitter asking a judge on the Delaware Court of Chancery to order Musk to close the deal. A trial is scheduled for Oct. 17.
Zatko filed the complaint last month with the U.S. Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC). The complaint was also sent to congressional committees.
“We are reviewing the redacted claims that have been published but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies,” Twitter Chief Executive Parag Agrawal told employees in a memo.
The Senate Judiciary Committee’s top Republican, Chuck Grassley, said the complaint raised serious national security concerns and privacy issues and needed to be investigated.
“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” he said.
The FTC declined to comment. A spokesperson for the Senate Intelligence Committee said it had received the complaint and was setting up a meeting to discuss the allegation.
Twitter’s real regulatory risk lies in whether the documentary evidence shows “knowing or reckless misleading” of investors or regulators, said Howard Fischer, a partner at Moses & Singer and a former SEC attorney.