Twitter’s former head of security says Musk was right about bots and company lied
August 25, 2022
Two Western publications at once, CNN and The Washington Post, ran a massive whistleblower report claiming that Twitter had no motivation to monitor the actual number of spam accounts and that the company hides its vulnerabilities from federal regulators. The report's author knows the situation very well, because he used to work at Twitter, but was fired precisely because he did not participate in such a policy.
Report details
The author is Peiter Zatko, a well-known ethical hacker who goes by the pseudonym “Mudge”. According to him, he feels an “ethical obligation” to report his concerns to government agencies. He claims he was fired in January 2022 for being too persistent in forcing reluctant Twitter executives to address “serious security issues that threaten the security of Twitter’s personal information, the company’s shareholders, national security, and democracy.”
Zatko says Twitter management put more effort and resources into hiding these vulnerabilities than into eliminating them, including data corruption and the security threats posed by spam accounts. The company’s actions allegedly “could open the door to campaigns of foreign espionage or manipulation, hacking and disinformation.” The social network prefers to increase the total number of users rather than maintain its authenticity and remove bots.
Among other things, Zatko’s accusations include:
A large part of Twitter’s vulnerability is that too many employees have access to critical systems. For example, Twitter’s 7,000 full-time employees have access to users’ sensitive personal data (such as phone numbers) and internal software (to change the way the service works), and this access is not tracked.
Thousands of laptops contain exact copies of Twitter source code.
Misleading the FTC and users about the extent to which the company protects the security, privacy and confidentiality of consumers’ non-public information and the measures it takes to prevent unauthorized access to it. It should be noted that in 2010, after a high-profile scandal and lawsuit, Twitter and the FTC entered into a related agreement that prohibited the company from withholding information about all of the above for 20 years.
Ignoring bots. Twitter’s way of measuring their numbers is inaccurate and does not reflect reality, and admins are encouraged with bonuses of up to $10 million to increase the user base, so they do not remove spambots and fakes.
Cooperation with governments. Twitter is an important tool for sharing news and organizing protests, which makes it a target for governments seeking to suppress opposition. Zatko’s complaint alleges that the Indian government forced Twitter to later hire a government agent who “had access to a large amount of sensitive Twitter data”.
Moreover, Twitter had not previously removed from its servers the data of users who requested its deletion. However, The Washington Post discussed the issue with one of the current employees, who assured that the company “has just completed a project known as Project Eraser to ensure proper deletion of user data.”
In response to Zatko’s complaint, Twitter accused the former security chief of sensationalism and selective reporting.
Officials’ reaction
The Federal Trade Commission has addressed Peiter Zatko’s report, and in addition, Mudge has already been added to the witness list for Elon Musk’s trial, which begins October 17.
The investigation has no results yet. According to the source, even the US Congress participated in the process. Some senior lawmakers said their committees and staff are currently investigating the allegations.
Senator Richard Durbin, chairman of the Senate Judiciary Committee, confirmed that he is investigating the matter and will “take further action to address these troubling allegations, if necessary.”
Congressman Frank Pallone, chair of the House Energy and Commerce Committee, said the same.
Democratic senators Edward Markey and Richard Blumenthal have sent letters to various law enforcement agencies, such as the Federal Trade Commission, urging them to open their own investigations into Zatko’s allegations.
If Twitter is found to have violated the terms of its 2010 agreement with the FTC, which resolved security concerns with federal regulators and bans privacy and security misrepresentations, the company could face a hefty fine.
John Wilkes is a seasoned journalist and author at Div Bracket. He specializes in covering trending news across a wide range of topics, from politics to entertainment and everything in between.