An informant claims that Twitter, Inc. (TWTR) “violated numerous laws and regulations” and exhibited “extreme, serious deficiencies” regarding privacy, security, and content moderation. Additionally, the former Twitter executive claims the microblogging and social media company provided misleading information to Tesla, Inc. (TSLA) CEO Elon Musk, who is fighting a legal battle to withdraw his offer to buy Twitter.
The nonprofit law firm Whistleblower Aid filed a “protected, statutory disclosure” regarding the whistleblower’s claims with the US Securities and Exchange Commission (SEC), the US Federal Trade Commission (FTC), and the US Department of Justice (DOJ). Musk has made his own claim that Twitter grossly underestimates the number of spam and bot accounts on its platform, and the whistleblower filing may help bolster Musk’s case against the company.
Key points
- The whistleblower claims that at Twitter, Inc. (TWTR) there are widespread breaches, security vulnerabilities and deceptive practices.
- The whistleblower is Twitter’s former head of security.
- It also claims that Twitter provided misleading information to potential buyer Elon Musk.
- The latter claim may help Musk in his legal battle to withdraw the offer.
Whistleblower
The whistleblower is Peiter “Mudge” Zatko, a former member of Twitter’s leadership team responsible for information security, privacy, physical security, information technology and global content moderation enforcement, reporting directly to CEO Parag Agrawal. Zatko worked at Twitter from November 16, 2020 until the morning of January 19, 2022, when Agrawal terminated him.
Other allegations and concerns
In his complaint to the SEC, Zatko claims that he “witnessed a senior manager[s] engaging in deceptive and/or misleading communications affecting board members, users and shareholders” on various occasions in 2021. He further claims that CEO Parag Agrawal asked him to provide false and misleading documents.
Other allegations Zatko made in his filings with regulators include:
- Twitter executives misled their own board and government regulators about its security weaknesses.
- These vulnerabilities can facilitate foreign espionage, manipulation, hacking, and disinformation campaigns.
- Twitter does not reliably delete users’ data after they cancel their accounts, and has misled regulators about whether it deletes data as required.
In his final message to Twitter after being fired, Zatko warned that:
- The company is experiencing “a frankly staggering volume and frequency of security incidents affecting large amounts of user data.”
- More than half of its 500,000 servers were running outdated software.
- More than a quarter of employees’ computers have turned off software updates that can provide important security patches.
- The company provides disproportionately broad access to the platform’s production environment.
However, Zatko provides limited evidence in his complaint about spam and bots, which is a key issue for Elon Musk, as noted above. As a result, it is difficult to assess the potential impact of these allegations at this time.