A whistle-blower complaint from Twitter Inc.’s former head of security, claiming severe shortcomings in the social media company’s handling of users’ personal data, will have wide ramifications for the business.
US lawmakers vowed to investigate, and the legal team for Elon Musk, who is seeking to abandon his agreement to acquire Twitter, was emboldened by the claims. Twitter shares fell as much as 5% on Tuesday, the biggest intraday drop in more than a month.
The former executive, Peiter Zatko, alleged “egregious deficiencies” in Twitter’s defenses against hackers and other lax approaches to security, according to a copy of the complaint reviewed by Bloomberg. Zatko said he had warned colleagues that some of Twitter’s servers were running out-of-date software and that executives had withheld information about breaches and lack of protections for user data.
US House representatives confirmed the whistle-blower complaint in a joint statement from Frank Pallone and Cathy McMorris Rodgers, the top Democrat and Republican on a House panel that received the report. “The Energy and Commerce Committee is actively reviewing the Twitter whistleblower disclosure and assessing next steps,” they wrote. “There are still a lot of unknowns and questions that need to be answered. Many of these allegations, if true, are alarming and reaffirm the need for Congress to pass comprehensive national consumer privacy legislation to protect Americans’ online data.”
Thousands of employees also had access to core company software, which led to hacks of high-profile users, according to the report. The Washington Post, which first reported on the complaint along with CNN, said it was sent to the US Securities and Exchange Commission, the Justice Department and the Federal Trade Commission. The DOJ, FTC and SEC declined to comment.
The whistle-blower document also alleged that Twitter prioritized growth over reducing the number of spam accounts, offering executives cash bonuses of as much as $10 million tied to increasing the number of daily users. Spam and “bots” on Twitter have been a key flash point in the company’s dispute with Musk. Musk’s lawyers also said Tuesday that they have issued a subpoena for Zatko to testify in the court battle. Legal experts said Zatko’s complaint bolsters Musk’s case.
Twitter pushed back. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that are riddled with inconsistencies and inaccuracies and lack important context,” a Twitter spokesman said when contacted for comment by Bloomberg. “Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Twitter said Zatko was fired in January for “ineffective leadership and poor performance.” Bloomberg was unable to immediately reach Zatko for comment. Whistleblower Aid, which represents him, said in an emailed statement that Zatko and the group are unable to comment, citing legal obligations.
In a memo reviewed by Bloomberg, Chief Executive Officer Parag Agrawal told employees it was likely “frustrating and confusing to read” the complaint, “given Mudge was accountable for many aspects of this work that he is now inaccurately portraying more than six months after his termination.” Agrawal warned of further distractions and said he will address employees at a meeting Wednesday.
