On Tuesday, CNN and The Washington Post obtained the whistleblower disclosure previously sent to Congress by an individual identified as Peiter “Mudge” Zatko. In a statement on Tuesday, the Whistleblower Aid organization said that they were representing Zatko “who served as Security Lead on Twitter’s senior executive team until January 2022.”
“Following a very public hack of Twitter by teenagers in July 2020, former CEO Jack Dorsey personally recruited Mudge to help address Twitter’s security problems and technological debt,” Whistleblower Aid said in the statement. “Beginning in December 2021, Mudge began the lawful disclosure process and exhausted internal channels before contacting law enforcement agencies. Mudge was terminated by Twitter in January 2022.”
Some of the security flaws outlined include Twitter’s failure to delete some users’ personal data after they delete their accounts and that the social media giant is unable to accurately determine the number of bots, or fake accounts on Twitter, according to Zatko.
He accused Twitter of keeping some data of Twitter users after their accounts are deleted as the social media platform sometimes loses track of where the data is. Twitter’s Help Center states that after deactivating an account, some of the users’ data will still be available on search engines like Google “because Twitter doesn’t control those sites.”
“Twitter may retain some information on your deactivated account to ensure the safety and security of its platform and people using Twitter,” the Twitter Help Center said.
Earlier this year, Tesla and SpaceX CEO Elon Musk nearly purchased Twitter. However, Musk backed out of the purchase and accused the social media platform of having too many bots.
Zatko said in his whistleblower disclosure that Twitter is unable to count the exact number of bots on the site and said that Twitter “had no appetite to properly measure the prevalence of bots,” CNN reported.
Zatko’s whistleblower report apparently detailed an incident in which Twitter was notified by the U.S. government that one of its employees was acting as an agent for foreign governments. In 2010, the U.S. Federal Trade Commission (FTC) called on Twitter to fix some of its issues with users’ personal information. However, according to CNN, Zatko said that Twitter never complied with the FTC’s request.
In a statement sent to CNN, a spokesperson for Twitter disputed many of Zatko’s claims and said that he “was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance.”
The statement continued: “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Newsweek reached out to Twitter for further comment.
