story

Twitter Whistleblower Alleges Major Issues with Security, Spam Accounts

    Twitter Whistleblower Alleges Major Issues with Security, Spam Accounts
    Last updated: 3 months ago
    Image credit: The New York Times

    Facts

    • Twitter's former head of security, Peiter Zatko, reportedly filed a complaint with the Securities and Exchange Commission (SEC) last month, alleging the company failed to protect sensitive user data and lied about security problems. [1]
    • Zatko alleges Twitter misled users and investors, acting with "negligence and even complicity" towards hackers as well as efforts by foreign governments to infiltrate the platform. Twitter even allegedly placed Indian government officials on the payroll and gave them access to user data. [2]
    • The complaint says the violations date back to 2011, when the Federal Trade Commision (FTC) ordered the company to fix security flaws. Zatko alleges they continued into his 2021-2022 tenure at the company - he also accused CEO Parag Agrawal of encouraging him to lie about such issues. [3]
    • Under the terms of the FTC settlement, Twitter was barred from "misleading consumers" about security flaws, leading to the agency and the Justice Dept. fining the company $150M this year for breaching the agreement. [4]
    • As the complaint is directly related to national security - including concerns over funding from Chinese entities - the US Senate Intelligence Committee says it's "in the process of setting up a meeting to discuss the allegations." [2]
    • Zatko further alleges that the company's executives could be paid bonuses of up to $10M for boosting users' followers, a practice he argues incentivizes ignoring widespread spam accounts. The claim may bolster Elon Musk's position in a legal battle over the purchase of Twitter, as he is currently attempting to back out of a $44B deal to buy the platform, citing issues with the proliferation of bot accounts. [3]
    • Show more

    Spin

    Narrative A

    Zatko's claims will undoubtedly help Musk's case. He has argued that "Twitter executives don't have the resources to fully understand the true number of bots on the platform", and his claims over security vulnerability may provide Musk with another argument that Twitter has misrepresented itself by violating its 2011 agreement with the DOJ and FTC.

    Narrative B

    This will do nothing to hep Musk's case. Downturns that have followed these revelations are an overreaction - even if Zatko demonstrates that spam accounts made up 6% or 9%, rather than 5% of overall accounts, it would not prove Musk was sufficiently misled to enable him to back out of the purchase.

    Cynical narrative

    The timing of this can't help but raise questions. This seems like a classic example of an opportunistic former employee. Zatko was fired from Twitter earlier this year due to poor performance and leadership, so it makes sense that he'd try and tear down the company that released him from his once-prestigious position.

    Nerd narrative

    There's a 35% chance that personal ID authentication will be obligatory for new Twitter accounts on July 1, 2023, according to the Metaculus prediction community.

    Articles on this story