Twitter Lied About Bots and Security Vulnerabilities per Ex-Security Chief

Ah sh*t, here we go again.

Well, this is a bad look. Twitter’s former security chief, Peiter Zatko, has made a formal complaint that Twitter has been deceiving federal agencies and the company’s own board of directors, downplaying the social network’s “extreme, egregious deficiencies” in security and its lack of effort to curb vulnerabilities and botting.

This is full-blown whistleblower territory here, people. Zatko was fired by Twitter back in January 2022 and he claims it was for his refusal to be quiet about Twitter’s deceptive bullsh*t. So now as his own retaliation, Zatko filed an extensive complaint with the Securities and Exchange Commission (SEC) last month totaling over 200 pages, and in it he lights the company up for so many absurd breaches of trust it will make your head spin.

Oh yeah, and his entire complaint (2/3 the length of The Hobbit by the way) was obtained by CNN and The Washington Post… and they published a redacted version today. Here we go.

In an excerpt from The Washington Post’s report, they touch on some of the more standout complaints from Peiter:

Among the most serious accusations in the complaint, a copy of which was obtained by The Washington Post, is that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. Zatko’s complaint alleges he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.

The Washington Post

Yikes. And that’s just a taste of Zatko’s allegations. If we were to go into depth on all of the serious points, this post would take about 36 hours to read. The Verge has done a good job of trying to break down and summarize his report, so here are some juicy bullet points:

  • Too many employees (around half) have access to sensitive, critical info like phone numbers, and thousands of laptops contain complete copies of Twitter’s source code.
  • Twitter has misled the FTC after a settlement back in 2010, stating they would actually make changes to protect user data – spoiler: they didn’t, and have clearly failed to protect much of anything with so many data breaches I’ve lost count.
  • Falsified claims about total bot activity. Twitter has claimed less than 5% of monthly activity is due to bots but Zatko claims the actual number is staggeringly higher with execs being incentivized by massive monetary bonuses (up to $10 million) to boost total user count vs. reducing botting.
  • Zatko states Twitter has allowed Indian government agents access to “vast amounts of Twitter sensitive data” to crack down on protests and dissent amongst relevant users.
  • Twitter has also failed to delete user data even when requested, because the info is spread too widely amongst various internal systems to be tracked.

This is going to be an absolute nightmare for Twitter, but if even half of Zatko’s claims are true then it’s absolutely deserved. What a mess.

Oh, and here’s one last tasty little bit of drama that’s come from the release of Zatko’s complaint… Elon Musk’s lawyers have now issued a subpoena to speak to Zatko.

This is gonna be an interesting next few months. Strap yourselves in, hunker down, and grab some popcorn. We’re in for a treat, y’all!
