Peiter "Mudge" Zatko, Twitter's former head of security, says the company has misled regulators about its security measures in his whistleblower complaint that was obtained by The Washington Post. In his complaint filed with the Securities and Exchange Commission, the Department of Justice and the Federal Trade Commission, he accuses the company of violating the terms it had agreed to when it settled a privacy dispute with the FTC back in 2011. Twitter, he says, has "extreme, egregious deficiencies" when it comes to defending the website against attackers.
As part of that FTC settlement, Twitter had agreed to implement and monitor security safeguards to protect its users. However, Zatko says half of Twitter's servers are running out-of-date and vulnerable software and that thousands of employees still have wide-ranging internal access to core company software, which had previously led to huge breaches. If you'll recall, bad actors were able to commandeer the accounts of some of the most high-profile users on the website in 2020, including Barack Obama's and Elon Musk's, by targeting employees for their internal systems and tools using a social engineering attack.
It was after that incident that the company hired Zatko, who used to lead a program on detecting cyber espionage for DARPA, as head of security. He argues that security should be a bigger concern for the company, seeing as it has access to the email addresses and phone numbers of numerous public figures,...
Welcome to Reality Check, NewsGuard’s nonpartisan newsletter that tracks the false claims and conspiracy theories that shape our world — and who’s behind them. Please support us by becoming a premi...