On Tuesday, both CNN and The Washington Post reported on accusations from former Twitter chief security officer Peiter Zatko, often known as “Mudge,” that the company’s security practices are dangerously lacking. It’s a litany of charges that range from misleading bot counts to the employment of a known foreign government agent. But one allegation stands out among the rest.
Engineers across Twitter, according to Zatko’s disclosure, had extensive access to the social network’s live, deployed software platform. Not only that, there was also minimal monitoring and logging to track who did what in this production environment. That would leave an opening for someone with unintended access or malign intentions to view user data or even make changes to the platform without raising alarms or leaving a clear trail. While all of Zatko’s claims are serious, none more clearly captures the allegation of fundamental, systemic issues within the company.
Last month, Zatko and his attorneys sent hundreds of pages of documents to the US Department of Justice, Securities and Exchange Commission, and Federal Trade Commission detailing the myriad allegations of security and privacy failures at Twitter. The claims have potentially significant implications in the dispute about whether Elon Musk must go through with his agreement to purchase the company for $44 billion. If true, they also have immediate ramifications for Twitter’s hundreds of millions of users.
“Twitter is grossly negligent in...
Read Full Story:
https://www.wired.com/story/mudge-twitter-whistleblower-security/