Twitter’s former head of security has blown the whistle on weaknesses in security, including vulnerabilities that could lay the social media platform open to cyberattacks that could have major national-security implications.
The allegations come from Peiter “Mudge” Zatko, who sent a 200+ page disclosure to Congress detailing issues that he claims could allow foreign manipulation of users, account hacking and espionage, and disinformation campaigns ahead of the 2022 US midterm elections.
When it comes to privacy, Zatko alleged that Twitter does not steward user information well, often losing track of it or not deleting data when it’s required to do so.
The allegations certainly fall in the “bombshell” category, but some in the security community are unsurprised by the claims, especially given the infamous compromise of verified accounts in 2020 by an attacker who was able to access Twitter’s internal control platforms.
Twitter denies the allegations and claims Zatko should be discredited given that he was fired in January for “poor performance.”
“Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Twitter Statement
Meanwhile, members of the cybersecurity community have rallied around Zatko, pointing to his character and track record for integrity.