Twitter Inc deceived federal authorities about its protections against hackers and spam accounts, according to a whistleblower complaint filed by the social media company’s former security chief Peiter Zatko.
According to data provided by congressional investigators, Zatko, a well-known hacker who goes by “Mudge,” said in an 84-page complaint that Twitter fraudulently stated it had a sound security plan. Twitter’s stock dropped 7.3% to close at $39.86.
According to the memo, Twitter prioritized user growth over spam reduction, with executives eligible for individual bonuses of up to $10 million connected to gains in daily users and nothing stated for spam reduction.
Twitter labeled the complaint a “false narrative.” The social media company has been battling Elon Musk in court after the world’s richest person attempted to pull out of a $44-billion deal to buy Twitter. Musk said Twitter failed to provide details about the prevalence of bot and spam accounts.
Tesla Inc CEO Elon Musk has offered to buy Twitter for $54.20 per share, claiming that the company could become a global platform for free speech.
Twitter and Musk have filed lawsuits against each other, with Twitter asking a Delaware Court of Chancery judge to require Musk to finish the purchase. A trial is set for October 17.
Zatko filed the lawsuit with the Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission (FTC) last month. The complaint was also forwarded to other congressional committees.
“We are reviewing the redacted claims that have been published but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies,” Twitter Chief Executive Parag Agrawal told employees in a memo.
The Senate Judiciary Committee’s top Republican, Chuck Grassley, said the complaint raised serious national security concerns and privacy issues and needed to be investigated.
“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” he said.
The FTC declined to comment. A spokesperson for the Senate Intelligence Committee said it had received the complaint and was setting up a meeting to discuss the allegation.
According to Howard Fischer, a partner at Moses & Singer and a former SEC attorney, Twitter’s true regulatory danger is whether the documentary evidence proves the “knowing or willful deceiving” of investors or regulators.
Musk could not be reached for comment, but he reacted on Twitter with robot memes and emojis. Musk’s legal team has subpoenaed Zatko, according to CNN, following the whistleblower disclosure.
American hackers have adored Zatko since the 1990s, when he was credited with inventing a password-cracking program. He eventually exploited his hacking skills to become a sought-after security consultant before transitioning to top government and corporate roles alongside other dissident techies of the day.
According to the whistleblower paper, following the January 6 riots, the new Biden administration offered him “a day-one appointed position as Chief Information Security Officer for the United States,” which he turned down.
Cybersecurity leaders overwhelmingly supported Zatko, and many criticized Twitter’s reaction to his revelations.
On Twitter, Robert Lee, founder of industrial cybersecurity firm Dragos, said it was “one of the very rare instances based on who it is I don’t even need to know a detail to draw a judgment.” “If Mudge makes this kind of assertion, it deserves to be investigated.”
In January, Twitter said Zatko was no longer its head of security, two years after his appointment to the role.
On Tuesday, a Twitter spokesperson said Zatko was fired for “ineffective leadership and poor performance,” adding his allegations appeared designed to capture attention and inflict harm on Twitter, its customers, and its shareholders.
According to Zatko’s attorneys, Debra Katz and Alexis Ronickher, throughout his time at Twitter, he consistently raised concerns about weak information security protocols to the company’s executive committee, CEO, and board. Twitter did not respond to a request for comment on that statement.