Al Mayadeen English

  • Ar
  • Es
  • x
Al Mayadeen English

Slogan

  • News
    • Politics
    • Economy
    • Sports
    • Arts&Culture
    • Health
    • Miscellaneous
    • Technology
    • Environment
  • Articles
    • Opinion
    • Analysis
    • Blog
    • Features
  • Videos
    • NewsFeed
    • Video Features
    • Explainers
    • TV
    • Digital Series
  • Infographs
  • In Pictures
  • • LIVE
News
  • Politics
  • Economy
  • Sports
  • Arts&Culture
  • Health
  • Miscellaneous
  • Technology
  • Environment
Articles
  • Opinion
  • Analysis
  • Blog
  • Features
Videos
  • NewsFeed
  • Video Features
  • Explainers
  • TV
  • Digital Series
Infographs
In Pictures
  • Africa
  • Asia
  • Asia-Pacific
  • Europe
  • Latin America
  • MENA
  • Palestine
  • US & Canada
BREAKING
Israeli Channel 13: The Iranian nuclear program cannot be destroyed with missiles, even if we spend another year attacking it alongside the Americans.
Over 30 casualties in a suicide bombing that targeted the Mar Elias Church in Damascus, Syria.
Iranian Shura Council recommends the closure of the Hormuz Strait and leaves the decision up to the Iranian National Security Council.
IRGC Commander Major General Mohammad Pakpour: As time passes, the people's solidarity increases, which is a divine blessing
IRGC Commander Major General Mohammad Pakpour: The Iranian Revolution Guard Corps' aerospace operations will not stop
Russian Foreign Ministry: IAEA Director General Rafael Grossi must ensure that an objective report is presented at the special session of the International Atomic Energy Agency (IAEA)
Russian Foreign Ministry: The UN Security Council must respond to the US attacks on Iran
Russian Foreign Ministry: We strongly condemn the US strikes on Iran, calling the decision irresponsible
Iranian Red Crescent: Three personnel martyred, 29 injured in Israeli aggression
IRGC: We have identified and monitored the departure points of the US aircraft that carried out the aggression

Twitter whistleblower reveals company's 'extreme' security liabilities

  • By Al Mayadeen English
  • Source: Agencies
  • 24 Aug 2022 09:52
5 Min Read

Twitter’s former head of security accuses the company of “extreme, egregious deficiencies” in its handling of user information and spam bots in a scathing whistleblower complaint.

  • x
  • Ex-executive blows the whistle on Twitter's extreme security hacks
    Ex-executive blows the whistle on Twitter's "extreme" security hacks

Veteran hacker and security expert Peiter Zatko, also known as “Mudge”, claims Twitter has deceived users, board members, and the federal government about the strength of its security measures - accusing it of “extreme, egregious deficiencies”. 

The base of the complaint

Zatko wrote in an analysis in February that was included in the complaint: “Twitter is grossly negligent in several areas of information security, if these problems are not corrected, regulators, media, and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”

Zatko filed the complaint, which was first reported by the Washington Post and CNN on Tuesday morning, to the Securities and Exchange Commission (SEC), Department of Justice, and the Federal Trade Commission (FTC). A redacted version of the complaint has been sent to multiple congressional committees.

The filing alleges that Twitter has violated its 2011 settlement with the FTC where the company said it would create an extensive security plan to protect users’ personal information. Zatko states that user data are vulnerable to hacks, including those coming from Twitter’s most high-profile verified handles. 

A specific issue he raises is the access that thousands of Twitter employees have to the company’s core software and the low security he sees many of their hardware have. The complaint alleges that about 30% of laptops in the company automatically blocked updates that included security fixes - accusing Twitter executives of purposefully misleading the company’s board of directors about these vulnerabilities.

A presentation demonstrated late last year to the board’s risk committee showed that 92% of employees’ computers had security software installed. Despite his protests, Zatko alleges executives failed to tell them that a third of the company’s computers were still susceptible. After Zatko internally reported that the risk committee’s meeting may have been fraudulent, he was fired by the company's CEO, Parag Agrawal, in January.

Related News

Musk proves to be the anti-hero of Corporate America

'Chief Twit' warns of rough times if Twitter doesn't make new money

The complaint also argues that Twitter has not been upfront about the number of spam bots it deals with. Zatko said he could not get Twitter to tell him a straight answer on how much spam and bots exist on the platform, adding that Agrawal was “lying” when he said in May that Twitter was “strongly incentivized to detect and remove as much spam” as possible and that company executives were instead encouraged to grow user numbers.

Twitter's string of scandals 

Twitter has come under fire in recent months for its management of sensitive user information. Earlier this month, a former Twitter employee was found guilty of spying on Saudi dissidents and passing their information on to the Saudi government. The US Justice Department says he abused his access to Twitter user data, obtaining personal information from political dissidents and passing it on to Saudi Arabia in exchange for a costly watch and hundreds of thousands of dollars.

Twitter warned as well that municipal, state, and national governments around the world are increasingly requesting that the company erase content and reveal private information from user accounts, with the company stating that it fulfilled roughly 40% of all requests for user data. The company was also fined $150 million by the US federal government for collecting user email addresses and phone numbers for security purposes and then using them for marketing purposes.

In a statement, Twitter has denied Zatko’s accusations and said that he was let go for poor performance and leadership.

The company told CNN in a statement: “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that are riddled with inconsistencies and inaccuracies and lack important context... Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers, and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Zatko told the Washington Post that he felt “ethically bound” to report his findings and that it “is not a light step to take”.The complaint comes amid Twitter’s legal battle with Elon Musk after the latter dropped his plans to purchase the company for $44 billion, saying the company has underestimated the prevalence of bots on its platforms. 

Twitter sued Musk for breaching the contract he signed to buy the tech firm, calling his exit strategy "a model of hypocrisy." The suit filed in the US state of Delaware urges the court to order the billionaire to complete his deal to buy Twitter, arguing that no financial penalty could repair the damage he has caused.

Representatives for Zatko told CNN he had not been in contact with Musk. Meanwhile, Musk’s attorney Alex Spiro said that they have issued a subpoena for him and “found his exit and that of other key employees curious in light of what we have been fighting”.

The company is scheduled to go to trial with Musk in Delaware in October.

Read more: MBS's crackdown: A Saudi mother sentenced for 34 years for Tweeting

  • Parag Agrawal
  • US
  • Elon Musk
  • Security
  • Twitter

Most Read

Iran launches 9th wave of Op. True Promise 3, destroys IOF air defense

Iran launches 9th wave of Op. True Promise 3, destroys IOF air defense

  • MENA
  • 17 Jun 2025
Rescue team work at the site where a missile launched from Iran struck Tel Aviv, Israel, Monday, June 16, 2025 (AP)

Wave 12 of Operation True Promise 3 launched, Sejjil deployed: IRGC

  • Politics
  • 18 Jun 2025
Israeli workers survey the site where a missile launched from Iran struck in Haifa on Sunday, June 22, 2025. (AP)

True Promise 3, wave 20: 40 missiles launched, Kheibar-Shekan in first

  • Politics
  • Today
Iran launches missile barrage to Tel Aviv, casualties reported

True Promise 3, wave 14: Tel Aviv targeted, casualties reported

  • Politics
  • 19 Jun 2025

Coverage

All
The Ummah's Martyrs

Read Next

All
Iran UN Ambassador Amir Saeid Iravani addresses a United Nations Security Council meeting, Friday, June 20, 2025. (AP)
Politics

Iran demands urgent UN Security Council session over US airstrikes

CIA Director John Ratcliffe, testifies before a hearing April 18, 2023, on Capitol Hill in Washington (AP/Manuel Balce Ceneta)
US & Canada

Trump aides pushed war on Iran with Mossad-fed intel, ignoring dissent

This photo released on Nov. 5, 2019, by the Atomic Energy Organization of Iran shows centrifuge machines in the Natanz uranium enrichment facility in central Iran. (Atomic Energy Organization of Iran via AP, File)
Politics

Iran: Minor damage to nuclear sites after US attack, no radiation

The U.S. Capitol, on June 5, 2025, in Washington. (AP)
Politics

US lawmakers condemn Trump’s strikes on Iran; MAGA base frustrated

Al Mayadeen English

Al Mayadeen is an Arab Independent Media Satellite Channel.

All Rights Reserved

  • x
  • Privacy Policy
  • About Us
  • Contact Us
  • Authors
Android
iOS